blob: 260020cc6839b6503867744698b2139867d91fa1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
|
###########
1.4 Sagitta
###########
..
Please don't add anything by hand.
This file is managed by the script:
_ext/releasenotes.py
1.4.1 (future release)
======================
**Configuration syntax changes (automatically migrated)**
* :vytask:`T6505` ``Support VXLAN VLAN-VNI range mapping in CLI``
**New features and improvements**
* :vytask:`T5878` ``Make the list of SSH server ciphers configurable``
* :vytask:`T5949` ``Disable USB autosuspend``
* :vytask:`T6320` ``WiFi: Enable support for 6GHz AccesPoints``
* :vytask:`T6423` ``Require command definition nodes that have an owner to also have a priority``
* :vytask:`T6424` ``ipsec: op-mode command to generate client profiles should honor common name of the CA node that signed the server certificate``
* :vytask:`T6454` ``Explicitly set the default reverse proxy mode to HTTP``
* :vytask:`T6462` ``wireless: add op-mode command for hostapd and wpa_supplicant logs``
* :vytask:`T6473` ``bgp: missing completion helper for peer-groups inside a VRF``
* :vytask:`T6477` ``Adding Loki plugin to Telegraf``
* :vytask:`T6505` ``Support VXLAN VLAN-VNI range mapping in CLI``
* :vytask:`T6538` ``Allow adding a geneve interface to the vrf.``
* :vytask:`T6539` ``Add logging options to load-balancer reverse-proxy``
* :vytask:`T6566` ``op-mode: "monitor bandwidth" add support for listing all interfaces concurrently``
* :vytask:`T6576` ``op-mode: ntp: add support for NTP service restart via CLI``
* :vytask:`T6614` ``Initial support for smoketesting op-mode commands``
**Bug fixes**
* :vytask:`T2145` ``openvpn: server default topology net30 is incompatible with static client IPs for Windows clients``
* :vytask:`T4287` ``wireless: cannot set regulatory domain``
* :vytask:`T5514` ``Improve error handling when/if config.boot is deleted or missing``
* :vytask:`T5552` ``'set system option performance throughput' enables IPv6 forwarding even if it's explicitly disabled with 'set system ipv6 disable-forwarding'``
* :vytask:`T5725` ``protocol IS-IS configuration is empty if a tunnel does not have remote address``
* :vytask:`T5947` ``[1.3.2 -> 1.4.0-RC1 Migration] Static ipv6 routes dropped``
* :vytask:`T6148` ``Reset vpn ipsec command breaks tunnel and does not reset SAs that are down``
* :vytask:`T6332` ``IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr``
* :vytask:`T6401` ``Attempts to delete vlan-to-vni option causes an unhandled exception``
* :vytask:`T6429` ``bug - isis metric-style not applied configuration``
* :vytask:`T6431` ``monitor traceroute broken VRF support``
* :vytask:`T6453` ``GRUB variables with `=` in a value are parsed improperly``
* :vytask:`T6460` ``Showing DHCPv6 leases can fail due to DUID parsing issues``
* :vytask:`T6463` ``reverse-proxy: service not reloaded when updating SSL certificate via PKI``
* :vytask:`T6464` ``sstpc: interface not restarted when updating SSL certificate via PKI``
* :vytask:`T6480` ``PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/..../cert.pem``
* :vytask:`T6484` ``Smoketest fails: fastnetmon killed due to OOM``
* :vytask:`T6503` ``Command 'restart ssh' not working``
* :vytask:`T6519` ``interfaces: 20-to-21 -> migration fails if new system has less ethernet interfaces``
* :vytask:`T6523` ``Error: "nft table ip vyos_filter not found" when commiting prometheus-client``
* :vytask:`T6559` ``vyos-configd should return commit error on config dependency error``
* :vytask:`T6584` ``Revert addition of Linux Kernel MT7921 driver``
* :vytask:`T6593` ``Release DHCP interface does not work``
* :vytask:`T6600` ``ospf: smoketest "router ospf' not found in" for ldp sync``
* :vytask:`T6602` ``interfaces: verify supplied VRF name on all interface types``
* :vytask:`T6603` ``vrf: nftables conntrack ct_iface_map contains multiple identical entries``
* :vytask:`T6605` ```ConfigError()` behavior is wrong with running `vyos-configd```
* :vytask:`T6610` ``Missing minisign pub key from image``
**Other resolved issues**
* :vytask:`T4026` ``PKI: generate pki certificate sign <ca-name> is not working``
* :vytask:`T5570` ``PAM config RADIUS ignore for default and success``
* :vytask:`T6290` ``SNMPD show logs systemstats_linux: unexpected header length``
* :vytask:`T6379` ``"generate openvpn" uses "comp-lzo no", which leads to problems on Android-Clients``
* :vytask:`T6446` ``Display the support URL from image build data in LTS builds``
* :vytask:`T6486` ``Generate openvpn client-config ignores configured protocol type``
* :vytask:`T6500` ``openconnect: add support for new multi ca-certificate CLI node``
* :vytask:`T6524` ``Rewrite "release dhcp interface <interface>" to Python to drop remaining Perl dependencies``
* :vytask:`T6592` ``Changing VRF on interface fails``
* :vytask:`T6594` ``IPoE-server extended-scripts do not work``
* :vytask:`T6597` ``wireless: hostapd occationly gets deactivated via systemd and causes loss in connectivity``
* :vytask:`T6598` ``Unexpected podman version 4.3.1``
1.4.0 (4th June 2024)
=====================
**New features and improvements**
* :vytask:`T3202` ``Enable wireguard debug messages by default``
* :vytask:`T4022` ``Add package nat-rtsp-dkms``
* :vytask:`T4393` ``sstp: add support for configuring host-name (SNI)``
* :vytask:`T5386` ``Execute VRRP transition script when `set high-availability disable` is commited``
* :vytask:`T5752` ``Check compatibility of new image tools with XCP-NG images``
* :vytask:`T6293` ``add Mediatek MT7921 to defconfig``
* :vytask:`T6339` ``Display the flavor name and build comment in "show version"``
* :vytask:`T6395` ``Enable VFIO No-IOMMU support in kernel config``
**Bug fixes**
* :vytask:`T4576` ``vpn l2tp logging level configuration``
* :vytask:`T5527` ``Adjust for change in coreutils behavior on overlayfs``
* :vytask:`T5939` ``[1.3.5 -> 1.4.0-RC1 Migration] as-path-list Entries Get Messed Up``
* :vytask:`T5940` ``[1.3.5 -> 1.4.0-RC1 Migration] commit-archive Fails to Migrate``
* :vytask:`T6038` ``Losing default route after first reboot (cloud-init & DHCP)``
* :vytask:`T6094` ``Destination Nat not Making Firewall Rules``
* :vytask:`T6225` ``Unhandled exception when configuring random-detect QoS policy``
* :vytask:`T6348` ``SNAT op-mode fails with flowtable offload entries``
* :vytask:`T6356` ``Correct the syntax of config.boot.default [..., 'ntp', 'server'] from leaf node with value to tag node``
* :vytask:`T6365` ``Negating interface names in NAT configuration causes invalid warnings``
* :vytask:`T6377` ``PermissionError on /config/auth/letsencrypt/live/ when running show pki``
* :vytask:`T6400` ``pki: unable to generate fingerprint for ACME issued certificates``
* :vytask:`T6402` ``Invalid variables referenced in reverse proxy validation``
* :vytask:`T6404` ``Include constraintGroup element in reference tree``
* :vytask:`T6407` ``Generate ipsec profile error``
* :vytask:`T6419` ``reverse-proxy: full CA chain is not build when verifying backend server``
* :vytask:`T6421` ``host-name has no explicit priority to be set on system boot``
**Other resolved issues**
* :vytask:`T1981` ``Allow route-map 'set src' to reference both IPv4 and IPv6``
* :vytask:`T3493` ``DHCPv6 does not have prefix range validation``
* :vytask:`T4519` ``DHCPv6: "set show dhcpv6 server leases" should show DUID instead of IAID_DUID``
* :vytask:`T4909` ``Rewrite the NTP op mode in the new format``
* :vytask:`T5351` ``VyOS deployed with cloud-init improperly saves config.boot``
* :vytask:`T6022` ``set system image default-boot``
* :vytask:`T6048` ``Exception in event handler script``
* :vytask:`T6328` ``Add a warning message about deprecation of web proxy URL filtering``
* :vytask:`T6333` ``non-free-firmware to trixie``
* :vytask:`T6345` ``Source NAT Port Mapping setting of Fully-Random is superfluous in Kernels 5.0 onwards``
* :vytask:`T6346` ``Boot to multi-user.target instead of graphical.target``
* :vytask:`T6358` ``Container config option to enable host pid``
* :vytask:`T6367` ``op-mode: commit-archive: TypeError: attribute name must be string, not 'NoneType'``
* :vytask:`T6383` ``Incorrect completion for rollback-soft``
* :vytask:`T6384` ``rollback-soft should tell the user to compare and commit``
* :vytask:`T6391` ``load-balancing reverse-proxy: typo in timeout help``
* :vytask:`T6396` ``MINOR Typo: set system conntrack timeout custom ipv4 rule X``
* :vytask:`T6409` ``Remove unused parameter node from reverse-proxy backend``
1.4.0-epa3 (14th May 2024)
==========================
**Security**
* :vytask:`T6324` ``CVE-2024-2961``
**Configuration syntax changes (automatically migrated)**
* :vytask:`T5535` ``Move disable-directed-broadcast to firewall global-options``
* :vytask:`T6171` ``Rename the DHCP server "failover" command to "high-availability mode"``
* :vytask:`T6208` ``container: rename "cap-add" CLI node to "capability"``
* :vytask:`T6216` ``Firewall group names that contain the '+' character break the config``
* :vytask:`T6295` ``netns: disable incomplete support in VyOS 1.4 sagitta``
**New features and improvements**
* :vytask:`T4309` ``Support network/address-groups and ipv6-network/ipv6-address-groups in "conntrack ignore"``
* :vytask:`T4903` ``Support IPv6 addresses in "set system conntrack ignore"``
* :vytask:`T5364` ``Make it possible to set the PADO delay to 0``
* :vytask:`T6127` ``Ability to view logs for rules with Offload not functional``
* :vytask:`T6133` ``Add domain-name to commit-archive``
* :vytask:`T6143` ``Increase configuration timeout range for service config-sync``
* :vytask:`T6154` ``Installer should ask for password twice``
* :vytask:`T6161` ``Add support for displaying container image data in JSON``
* :vytask:`T6162` ``ixgbe: Add 1000BASE-BX support``
* :vytask:`T6171` ``Rename the DHCP server "failover" command to "high-availability mode"``
* :vytask:`T6176` ``image-tools: rationalize setting of console type``
* :vytask:`T6184` ``image-tools: add op-mode command to set default boot console type``
* :vytask:`T6192` ``Support running SSH server in more than one VRF``
* :vytask:`T6226` ``Add "tcp-requece inspect-delay" to reverse proxy``
* :vytask:`T6257` ``Add op mode commands for dynamic firewall address groups``
* :vytask:`T6258` ``Add IPv6 base-reachable-time option to interfaces``
* :vytask:`T6260` ``image-tools: remove the image directory if it fails to install due to insufficient drive space``
* :vytask:`T6267` ``Improve commit failure messages for wireless interface configuration``
* :vytask:`T6278` ``Attempt hint for console type during image install``
* :vytask:`T6291` ``Add op mode commands for displaying LACP information for bonding interfaces``
* :vytask:`T6306` ``EVPN-MH - missing options in uplink ports``
**Bug fixes**
* :vytask:`T2590` ``DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c``
* :vytask:`T3655` ``NAT doesn't work correctly with VRF``
* :vytask:`T4718` ``DHCP server listen-address doesn't take effect if the interface is in a VRF``
* :vytask:`T5164` ``op cmd: "show dhcp server leases state" with available options does not show any result``
* :vytask:`T5862` ``Default MTU is not acceptable in some environments``
* :vytask:`T5875` ``login: removing and re-adding a user keeps the home directory but changes the UID, thus SSH keys no longer work``
* :vytask:`T5996` ``Incorrect behavior for backslash escapes in config save and compare commands``
* :vytask:`T6082` ``BGP doesn't allow the same local AS and remote AS in peer groups``
* :vytask:`T6085` ``VTI interfaces are in UP state by default``
* :vytask:`T6089` ``[1.3.6->1.4.0-epa1 Migration] "ospf passive-interface default" incorrectly added``
* :vytask:`T6090` ``Migration of "policy route" configs fails due to TCP flag case sensitivity``
* :vytask:`T6100` ``NAT config migration error in 1.4.0-epa1 if invalid address/network defined in 1.3.6 version``
* :vytask:`T6106` ``Improve the commit error message for the case when route-reflector-client option is defined in a peer-group``
* :vytask:`T6119` ``Use a compliant TOML parser``
* :vytask:`T6130` ``[1.3.6->1.4.0-epa2 Migration] BGP "set community" missing``
* :vytask:`T6131` ``Disabling openvpn interface(s) causes OSPF to fail to load on reboot``
* :vytask:`T6136` ``Configuring a dynamic address group, config script did not check whether the group was created``
* :vytask:`T6138` ``Conntrack table op-mode fails with flowtable offload entries``
* :vytask:`T6145` ``Service config-sync does not rely on priorities``
* :vytask:`T6147` ``Conntrack not working as expected with global state-policy``
* :vytask:`T6149` ``Update node_data when merging nodes in reference tree generation``
* :vytask:`T6152` ``Kernel panic for ZimaBoard 232``
* :vytask:`T6160` ``Unhandled exception when configuring IS-IS``
* :vytask:`T6165` ``grub: vyos-grub-update failed to start on "slow" systems``
* :vytask:`T6167` ``VNI not set on VRF after reboot``
* :vytask:`T6168` ``"add system image" does not set the default boot image to the current console type in compatibility mode``
* :vytask:`T6169` ``DNS forwarding configuration rejects underscores in SRV records``
* :vytask:`T6173` ``Build Causes Errors When "--version" Contains Slashes ("/")``
* :vytask:`T6175` ``op-mode: "renew dhcp interface <name>" does not check if it's an actual DHCP interface``
* :vytask:`T6178` ``reverse-proxy doesn't check that a certificate exists at set time``
* :vytask:`T6179` ``Incorrect HAProxy config generated for reverse-proxy rules with url-path``
* :vytask:`T6186` ``'set system image default-boot' fails to find images that actually do exist in the system``
* :vytask:`T6189` ``BGP L3VPN connectivity is broken after re-enabling VRF``
* :vytask:`T6191` ``Policy route set-mss option is not working correctly``
* :vytask:`T6193` ``dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces``
* :vytask:`T6196` ``route-map and summary-only do not work in BGP aggregation at the same time``
* :vytask:`T6197` ``Validation error in the IPoE server interface client-subnet option``
* :vytask:`T6202` ``Multi-Protocol BGP is broken by 6PE patch in upstream FRR 9.1``
* :vytask:`T6205` ``ipoe: error in migration script logic while renaming mac-address to mac``
* :vytask:`T6206` ``L2tp smoketest fails if vyos-configd is running``
* :vytask:`T6207` ``image-tools: restore ability to copy config.boot.default on image install``
* :vytask:`T6213` ``Validations in firewall groups mistakenly reject correct configurations``
* :vytask:`T6216` ``Firewall group names that contain the '+' character break the config``
* :vytask:`T6218` ``Container network interface in VRF fails to generate IPv6 link-local address``
* :vytask:`T6221` ``Enabling VRF breaks connectivity``
* :vytask:`T6222` ``VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters``
* :vytask:`T6241` ``Updating CRL in "pki" config does not update OpenVPN``
* :vytask:`T6243` ``Update vyos-http-api-tools for package idna security advisory``
* :vytask:`T6250` ``"policy route-map set table" cannot be deleted from the rule``
* :vytask:`T6252` ``GRE tunnels don't allow configuring MTU larger than 8024``
* :vytask:`T6255` ``Static table description should not contain white-space``
* :vytask:`T6263` ``Commit failures when trying to set an IGMP group with source address on an interface``
* :vytask:`T6269` ``Polixy route "set table" option is not working correctly``
* :vytask:`T6272` ``PPPoE configuration does not load after deleting a PPPoE interface from the system``
* :vytask:`T6276` ``Do not call config dependencies on script error``
* :vytask:`T6283` ``Cannot delete as-path prepend from policy when it contains more than one AS``
* :vytask:`T6284` ``IPoE server op mode commands do not show IPv6 addresses``
* :vytask:`T6299` ``Building VyOS (Dockerized) current ISO fails dues to unmet dependencies podman : Depends: libgpgme11t64 (>= 1.4.1) but it is not installable``
* :vytask:`T6305` ``IPoE interface wildcard validation error in firewall rules``
* :vytask:`T6307` ``procps is missing from vyos-1x build dependencies``
* :vytask:`T6317` ``VLAN doesn't work on a bridge with a wireless interface member``
* :vytask:`T6329` ``Firewall - Error while printing groups``
**Other resolved issues**
* :vytask:`T4516` ``Rewrite system image manipulation tools in Python``
* :vytask:`T5535` ``Move disable-directed-broadcast to firewall global-options``
* :vytask:`T6146` ``Add python script to get all priorities of service or section from XML``
* :vytask:`T6159` ``"show openvpn server" prints a superfluous "OpenVPN status on vtunx" message for every client connection``
* :vytask:`T6180` ``Add application of mask to configtree``
* :vytask:`T6185` ``Simplify marshalling of section and config data for config-sync``
* :vytask:`T6187` ``Use correct CPU counts adjusted for SMT when necessary``
* :vytask:`T6195` ``dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1``
* :vytask:`T6198` ``configverify: add common helper for PKI certificate validation``
* :vytask:`T6203` ``Remove references to the obsolete vyos.xml module (superseded by vyos.xml_ref)``
* :vytask:`T6208` ``container: rename "cap-add" CLI node to "capability"``
* :vytask:`T6234` ``PPPoE-server pado-delay refactoring``
* :vytask:`T6245` ``Unhandled exception in "show openvpn server"``
* :vytask:`T6295` ``netns: disable incomplete support in VyOS 1.4 sagitta``
* :vytask:`T6327` ``Drop boot console type ttyUSB (USB serial)``
* :vytask:`T6330` ``release.pref.chroot indentation broken``
1.4.0-epa2 (15th March 2024)
============================
**Configuration syntax changes (automatically migrated)**
* :vytask:`T6079` ``dhcp: migration fails for duplicate static-mapping``
**New features and improvements**
* :vytask:`T4977` ``Babel routing protocol support``
* :vytask:`T5504` ``Make it possible to set more than one peer-address in unicast VRRP``
* :vytask:`T5530` ``Add LFA to IS-IS``
* :vytask:`T5631` ``Ability to export the current configuration in JSON format``
* :vytask:`T5717` ``ospfv3 - add allow to set metric-type to ospf redistribution while frr docs says its possible.``
* :vytask:`T5772` ``Require HTTPS API server configurations to include at least one key if key-based auth is used``
* :vytask:`T5781` ``Add ability to add additional minisign keys``
* :vytask:`T6057` ``Add ability to disable syslog for conntrackd``
* :vytask:`T6060` ``op-mode: container: support removing all container images at once``
* :vytask:`T6087` ``ospfv3: add support to redistribute IS-IS routes``
**Bug fixes**
* :vytask:`T2998` ``SNMP v3 oid "exclude" option doesn't work``
* :vytask:`T4270` ``When "ignore-hosts-file" is unset, local hostname of the router resolves to 127.0.1.1 in the DNS forwarding service``
* :vytask:`T5121` ``Incorrect "architecture" config loaded``
* :vytask:`T5646` ``QoS policy limiter broken if class without match``
* :vytask:`T5909` ``Container registry with authentication prevents config load (section container) after reboot``
* :vytask:`T6004` ``Missing RPKI boot priority prevents it from loading``
* :vytask:`T6020` ``VRRP health-check script is not applied correctly in keepalived.conf``
* :vytask:`T6054` ``load-balancing wan - doesn't configure a list of ports``
* :vytask:`T6055` ``PKI error: "failed to install x value" when executed the command from conf mode``
* :vytask:`T6061` ``connection-status nat destination firewall filter not working in 1.4.0-epa1``
* :vytask:`T6069` ``HTTP API segfault during concurrent configuration requests``
* :vytask:`T6070` ``bnx2x NIC causes a commit error due to incorrect implementation of EEE status reading``
* :vytask:`T6073` ``Conntrack/NAT not being disabled when VRFs are defined``
* :vytask:`T6074` ``container: do not allow deleting images which have a container running``
* :vytask:`T6079` ``dhcp: migration fails for duplicate static-mapping``
* :vytask:`T6081` ``QoS policy shaper target and interval wrong calcuations``
* :vytask:`T6084` ``OpenNHRP DMVPN configuration file clean after reboot if we have any IPSec configuration``
* :vytask:`T6086` ``NAT does not work with network-groups``
* :vytask:`T6093` ``Incorrect dhcp-options vendor-class-id regex``
* :vytask:`T6096` ``Config commits are not synced properly because 00vyos-sync is deleted by vyos-router``
* :vytask:`T6098` ``Description doesnt seem to allow for non international characters``
* :vytask:`T6104` ``Regression in commit-archive for non-interactive configuration``
* :vytask:`T6107` ``Nginx does not allow big config queries for configure endpoint API``
* :vytask:`T6141` ``Trying to set PADO delay in PPPoE server without also configuring the session options causes a commit failure``
**Other resolved issues**
* :vytask:`T2199` ``Rewrite firewall in new XML/Python style``
* :vytask:`T5738` ``Extend XML building blocks``
* :vytask:`T5870` ``ipsec remote access VPN: add x509 ("pubkey") authentication``
* :vytask:`T5959` ``Streamline dns forwarding service``
* :vytask:`T6071` ``firewall: CLI description limit of 256 characters cause config upgrade issues``
* :vytask:`T6075` ``Applying firewall rules with a non-existent interface group``
* :vytask:`T6077` ``banner: implement ASCII contest winner default logo``
* :vytask:`T6083` ``ethtool: move string parsing to JSON parsing``
* :vytask:`T6095` ``Tab completion for "set interfaces wireless wlan0 country-code" incorrect country "uk"``
* :vytask:`T6214` ``Error when using some constraints``
1.4.0-epa1 (22th February 2024)
===============================
**Security**
* :vytask:`T4915` ``Minisign verification failure == pass??``
**Breaking changes**
* :vytask:`T5605` ``Do not generate keysize option in OpenVPN configs``
**Configuration syntax changes (automatically migrated)**
* :vytask:`T1991` ``Rework time services``
* :vytask:`T5877` ``Reduce unnecessary nesting in system domain-search path and improve smoketest``
**New features and improvements**
* :vytask:`T160` ``Support NAT64``
* :vytask:`T1991` ``Rework time services``
* :vytask:`T4221` ``Add a template filter for converting scalars to single-item lists``
* :vytask:`T4883` ``Add a description field for routing tables``
* :vytask:`T4940` ``Interface debugging``
* :vytask:`T5122` ``Move "archive-areas" to defaults.toml to support "non-free-firmware" repository``
* :vytask:`T5418` ``Allow arbitrary subnets in PPPoE client IP pools``
* :vytask:`T5449` ``Add options for TCP MSS probing``
* :vytask:`T5497` ``Add ability to resequence rule numbers for firewall``
* :vytask:`T5615` ``Narrow down spurious name conflict with mdns``
* :vytask:`T5877` ``Reduce unnecessary nesting in system domain-search path and improve smoketest``
* :vytask:`T5965` ``WWAN modems using raw-ip do not work with dhclient/dhcp6c``
* :vytask:`T5972` ``login: add possibility to disable individual local user accounts``
**Bug fixes**
* :vytask:`T2113` ``OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping``
* :vytask:`T2700` ``Redirecting traffic from PPPoE interface to IFB fails``
* :vytask:`T2801` ``conntrack-tools flooding logs``
* :vytask:`T3681` ``The VMware Tools resume script did not run successfully in this virtual machine.``
* :vytask:`T3774` ``atop logs are not limited in size``
* :vytask:`T3902` ``Firewall does not load on boot, address-group not found, even though it exists``
* :vytask:`T4796` ``build-vyos-image ignores multiple options``
* :vytask:`T5239` ``Host name and domain name missing from the FRR configuration``
* :vytask:`T5245` ``Wireless interfaces do not get IPv6 link-local address assigned``
* :vytask:`T5376` ``Conntrack FTP helper does not work properly``
* :vytask:`T5890` ``OTP key generation is broken``
* :vytask:`T5926` ``IPSEC does not apply after l2tp configuration was changed``
* :vytask:`T5977` ``nftables: Operation not supported when using match-ipsec in outbound firewall``
* :vytask:`T6005` ``Error on adding a wireguard interface to OSPFv3``
* :vytask:`T6043` ``VxLAN and bridge error bug``
* :vytask:`T6056` ``Applying 'system static-host-mapping' command calls unnecessary snmpd restart``
* :vytask:`T6064` ``Can not build VyOS if repository it not cloned to a branch``
**Other resolved issues**
* :vytask:`T671` ``Identify and remove dead code``
* :vytask:`T874` ``Support for Two Factor Authentication for CLI access via Google Authenticator/OTP``
* :vytask:`T1311` ``WAN load-balancing can't flush connections when conntrack-sync is enabled``
* :vytask:`T1436` ``Config entries with default values do not correctly show as changed``
* :vytask:`T1487` ``DNS (pdns_recursor) stats logs not saved to disk``
* :vytask:`T2433` ``Improve CLI value validator performance``
* :vytask:`T3337` ``Add possibility to serve static DNS zones from the router``
* :vytask:`T3471` ``DHCP hook is not able to detect all running DHCP instances``
* :vytask:`T3474` ``Revisit storing syntax version of interface definitions in XML file``
* :vytask:`T3522` ``policy based routing not working``
* :vytask:`T3574` ``Add constraintGroup for combining validators with logical AND``
* :vytask:`T3642` ``PKI configuration``
* :vytask:`T3722` ``op-mode IPSec show vpn ike sa always shows L-TIME 0``
* :vytask:`T3766` ``containers: Expanding options for networking and building containers``
* :vytask:`T4723` ``Error when issuing 'show flow-accounting interface pppoe0'``
* :vytask:`T4761` ``Add a generic URL validator``
* :vytask:`T4795` ``Cleanup custom python validators``
* :vytask:`T4951` ``Add an op mode exception for cases when operations fail due to insufficient system resources``
* :vytask:`T5109` ``Improve OCaml XML validator``
* :vytask:`T5195` ``Break up the vyos.util module``
* :vytask:`T5348` ``Service config-sync can freeze the secondary router if it has commit-archive location``
* :vytask:`T5605` ``Do not generate keysize option in OpenVPN configs``
* :vytask:`T5754` ``Update to StrongSwan 5.9.11``
* :vytask:`T5846` ``Refactor and simplify DUID definition in conf-mode``
* :vytask:`T5903` ``NHRP don´t start on reboot from version 1.5-rolling-202401010026``
* :vytask:`T6001` ``Add option to enable resolve-via-default``
* :vytask:`T6015` ``"journalctl_charon" file does not contain data in the generated "ipsec debug-archive" file``
* :vytask:`T6050` ``Wrong scripting commands descriptions in accel-ppp services``
* :vytask:`T6078` ``Update ethtool to 6.6``
|
