Diffstat (limited to 'docs')
-rw-r--r-- docs/404.rst 3
-rw-r--r-- docs/_include/interface-eapol.txt 38
m--------- docs/_include/vyos-1x 0
-rw-r--r-- docs/automation/cloud-init.rst 219
-rw-r--r-- docs/changelog/1.3.rst 83
-rw-r--r-- docs/changelog/1.4.rst 110
-rw-r--r-- docs/configuration/policy/local-route.rst 31
-rw-r--r-- docs/configuration/protocols/bfd.rst 8
-rw-r--r-- docs/configuration/service/dhcp-server.rst 10
-rw-r--r-- docs/configuration/vpn/ipsec.rst 14
-rw-r--r-- docs/documentation.rst 2
-rw-r--r-- docs/installation/virtual/proxmox.rst 42
-rw-r--r-- docs/introducing/history.rst 162
13 files changed, 621 insertions, 101 deletions
diff --git a/docs/404.rst b/docs/404.rst
index 85444615..5073773a 100644
--- a/docs/404.rst
+++ b/docs/404.rst
@@ -7,4 +7,5 @@ Sorry, We could not find a page.
Try using the search box or go to the release homepage:
* `1.2.x (crux) <https://docs.vyos.io/en/crux/>`_
- * `rolling release (equuleus) <https://docs.vyos.io/en/latest/>`_ \ No newline at end of file
+ * `1.3.x (equuleus) <https://docs.vyos.io/en/equuleus/>`_
+ * `rolling release (sagitta) <https://docs.vyos.io/en/latest/>`_
diff --git a/docs/_include/interface-eapol.txt b/docs/_include/interface-eapol.txt
index 68e5073d..640fc6e3 100644
--- a/docs/_include/interface-eapol.txt
+++ b/docs/_include/interface-eapol.txt
@@ -7,31 +7,35 @@ EAPoL comes with an identify option. We automatically use the interface MAC
address as identity parameter.
.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
- {{ var5 }} {{ var6 }} eapol ca-cert-file <file>
+ {{ var5 }} {{ var6 }} eapol ca-certificate <name>
- SSL :abbr:`CA (Certificate Authority)` x509 PEM file used afor authentication
- of the remote side.
+ Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for
+ authentication of the remote side. If an intermediate CA certificate is
+ specified, then all parent CA certificates that exist in the PKI, such as the
+ root CA or additional intermediate CAs, will automatically be used during
+ certificate validation to ensure that the full chain of trust is available.
- .. code-block:: none
-
- set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} eapol ca-cert-file /config/auth/ca.pem
-
-.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
- {{ var5 }} {{ var6 }} eapol cert-file <file>
-
- SSL/x509 public certificate file provided by the client to authenticate
- against the 802.1x system.
+ Example:
.. code-block:: none
- set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} eapol cert-file /config/auth/public.pem
+ set pki ca eapol-server-intermediate-ca <Server intermediate CA contents>
+ set pki ca eapol-server-root-ca <Server root CA contents>
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} eapol ca-certificate eapol-server-intermediate-ca
.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
- {{ var5 }} {{ var6 }} eapol key-file <file>
+ {{ var5 }} {{ var6 }} eapol certificate <name>
+
+ Set the name of the x509 client keypair used to authenticate against the
+ 802.1x system. All parent CA certificates of the client certificate, such as
+ intermediate and root CAs, will be sent as part of the EAP-TLS handshake.
- SSL/x509 private certificate file provided by the client to authenticate
- against the 802.1x system.
+ Example:
.. code-block:: none
- set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} eapol key-file /config/auth/private.key
+ set pki ca eapol-client-intermediate-ca <Client intermediate CA contents>
+ set pki ca eapol-client-root-ca <Client root CA contents>
+ set pki certificate eapol-client certificate <Client certificate contents>
+ set pki certificate eapol-client private key <Client private key contents>
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} eapol certificate eapol-client
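Review bot: The new `ca-certificate` description promises that parent CAs "that exist in the PKI" are used automatically, but it does not say what happens when a parent is absent from the PKI; state the behaviour for an incomplete chain so readers know whether the root must always be loaded. The hunk also removes the `ca-cert-file`, `cert-file` and `key-file` options without a migration hint: add one sentence telling users of the file-based options which `set pki ca ...` and `set pki certificate ...` entries replace them, and mention explicitly that the private key now lives under `set pki certificate <name> private key`, which at the moment only the second example shows. The context line at the top of the hunk still reads "identify option", which should be "identity option".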
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x
-Subproject 221aee86f4d4291434dc60569d3d58da99639ff
+Subproject 812d9770619b968b04961aebf3944fde13df491
diff --git a/docs/automation/cloud-init.rst b/docs/automation/cloud-init.rst
index 3ca8739b..6164068c 100644
--- a/docs/automation/cloud-init.rst
+++ b/docs/automation/cloud-init.rst
@@ -20,9 +20,11 @@ VyOS support three types of config sources.
* Metadata - Metadata is sourced by the cloud platform or hypervisor.
In some clouds, there is implemented as an HTTP endpoint at
``http://169.254.169.254``.
+
* Network configuration - This config source informs the system about the
network settings like IP addresses, routes, DNS. Available only in several
cloud and virtualization platforms.
+
* User-data - User-data is specified by the user. This config source offers the
ability to insert any CLI configuration commands into the configuration before
the first boot.
@@ -49,9 +51,9 @@ In VyOS, by default, enables only two modules:
* ``write_files`` - this module allows to insert any files into the filesystem
before the first boot, for example, pre-generated encryption keys,
certificates, or even a whole ``config.boot`` file.
+
* ``vyos_userdata`` - the module accepts a list of CLI configuration commands in
a ``vyos_config_commands`` section, which gives an easy way to configure the
-
system during deployment.
************************
@@ -69,15 +71,15 @@ Initial Configuration
************************
-The key used to designate a VyOS configuration is ``vyos_config_commands``. What
-follows is VyOS configuration using the "set-style" syntax. Both "set" and "delete"
-commands are supported.
+The key used to designate a VyOS configuration is ``vyos_config_commands``.
+What follows is VyOS configuration using the "set-style" syntax. Both "set"
+and "delete" commands are supported.
Commands requirements:
-* one command per line
-* if command ends in a value, it must be inside single quotes
-* a single-quote symbol is not allowed inside command or value
+* One command per line.
+* If command ends in a value, it must be inside single quotes.
+* A single-quote symbol is not allowed inside command or value.
The commands list produced by the ``show configuration commands`` command on a
VyOS router should comply with all the requirements, so it is easy to get a
@@ -86,7 +88,8 @@ proper commands list by copying it from another router.
The configuration specified in the cloud-config document overwrites default
configuration values and values configured via Metadata.
-Here is an example cloud-config that appends configuration at the time of first boot.
+Here is an example cloud-config that appends configuration at the time of
+first boot.
.. code-block:: yaml
@@ -105,9 +108,9 @@ System Defaults/Fallbacks
These are the VyOS defaults and fallbacks.
-* SSH is configured on port 22
-* ``vyos``/``vyos`` credentials if no others specified by data source
-* DHCP on first Ethernet interface if no network configuration is provided
+* SSH is configured on port 22.
+* ``vyos``/``vyos`` credentials if no others specified by data source.
+* DHCP on first Ethernet interface if no network configuration is provided.
All of these can be overridden using the configuration in user-data.
@@ -147,8 +150,8 @@ configuration.
run show ip bgp summary >> $filename
-If you need to gather information from linux commands to configure VyOS, you can
-execute commands and then configure VyOS in the same script.
+If you need to gather information from linux commands to configure VyOS, you
+can execute commands and then configure VyOS in the same script.
The following example sets the hostname based on the instance identifier
obtained from the EC2 metadata service.
@@ -211,8 +214,8 @@ the method with KVM to attach the ISO as a CD drive follows.
--noautoconsole
-For more information on the NoCloud data source, visit its
-`page <https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html>`_
+For more information on the NoCloud data source, visit its `page
+<https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html>`_
in the cloud-init documentation.
***************
@@ -231,3 +234,189 @@ most important data filtering output for ``vyos`` keyword:
sudo grep vyos /var/log/cloud-init.log
+*********************
+Cloud-init on Proxmox
+*********************
+
+Before starting, please refer to cloud-init `network-config-docs`_ in order to
+know how to import user and network configurations.
+
+Most important keys that needs to be considered:
+
+* VyOS configuration commands are defined in user-data file.
+
+* Networking configurations shouldn't be passed in user-data file.
+
+* If no networking configuration is provided, then dhcp client is going to be
+ enabled on first interface. Bare in mind that this configuration will be
+ inyected at an OS level, so don't expect to find dhcp client configuration
+ on vyos cli. Because of this behavior, in next example lab we will disable
+ dhcp-client configuration on eth0.
+
+ Also, this lab considers:
+
+* Proxmox IP address: **192.168.0.253/24**
+
+* Storaged used: volume local, which is mounted on directory **/var/lib/vz**,
+ and contains all type of content, including snippets.
+
+* Remove default dhcp client on first interface, and load other
+ configuration during first boot, using cloud-init.
+
+-------------------
+Generate qcow image
+-------------------
+
+A VyOS qcow image with cloud-init options is needed. This can be obteined
+using `vyos-vm-images`_ repo. After clonning the repo, edit the file
+**qemu.yml** and comment the **download-iso** role.
+
+In this lab, we are using 1.3.0 VyOS version and setting a disk of 10G.
+Download VyOS .iso file and save it as ``/tmp/vyos.iso``. Command used for
+generating qcow image:
+
+.. cfgcmd:: sudo ansible-playbook qemu.yml -e disk_size=10
+ -e iso_local=/tmp/vyos.iso -e grub_console=serial -e vyos_version=1.3.0
+ -e cloud_init=true -e cloud_init_ds=NoCloud
+
+File generated with previous command:
+``/tmp/vyos-1.3.0-cloud-init-10G-qemu.qcow2``
+
+Now, that file needs to be copied to proxmox server:
+
+.. cfgcmd:: sudo scp /tmp/vyos-1.3.0-cloud-init-10G-qemu.qcow2
+ root@192.168.0.253:/tmp/
+
+
+------------------------
+Prepare cloud-init files
+------------------------
+
+In Proxmox server three files are going to be used for this setup:
+
+* **network-config**: file that will indicate to avoid dhcp client on first
+ interface.
+
+* **user-data**: includes vyos-commands.
+
+* **meta-data**: empty file (required).
+
+In this lab, all files are located in ``/tmp/``. So, before going on, lets
+move to that directory:
+
+.. cfgcmd:: cd /tmp/
+
+**user-data** file must start with ``#cloud-config`` and contains
+vyos-commands. For example:
+
+.. code-block:: none
+
+ #cloud-config
+ vyos_config_commands:
+ - set system host-name 'vyos-BRAS'
+ - set system ntp server 1.pool.ntp.org
+ - set system ntp server 2.pool.ntp.org
+ - delete interfaces ethernet eth0 address 'dhcp'
+ - set interfaces ethernet eth0 address '198.51.100.2/30'
+ - set interfaces ethernet eth0 description 'WAN - ISP01'
+ - set interfaces ethernet eth1 address '192.168.25.1/24'
+ - set interfaces ethernet eth1 description 'Comming through VLAN 25'
+ - set interfaces ethernet eth2 address '192.168.26.1/24'
+ - set interfaces ethernet eth2 description 'Comming through VLAN 26'
+ - set protocols static route 0.0.0.0/0 next-hop '198.51.100.1'
+
+**network-config** file only has configuration that disables the automatic
+dhcp client on first interface.
+
+
+Content of network-config file:
+
+.. code-block:: none
+
+ version: 2
+ ethernets:
+ eth0:
+ dhcp4: false
+ dhcp6: false
+
+Finaly, file **meta-data** has no content, but it's required.
+
+---------------
+Create seed.iso
+---------------
+
+Once the three files were created, it's time to generate the ``seed.iso``
+image, which needs to be mounted to the new VM as a cd.
+
+Command for generating ``seed.iso``
+
+.. cfgcmd:: mkisofs -joliet -rock -volid "cidata" -output seed.iso meta-data
+ user-data network-config
+
+**NOTE**: be carefull while copying and pasting previous commands. Doble
+quotes may need to be corrected.
+
+---------------
+Creating the VM
+---------------
+
+Notes for this particular example, that may need to be modified in other
+setups:
+
+* VM ID: in this example, VM ID used is 555.
+
+* VM Storage: ``local`` volume is used.
+
+* ISO files storage: ``local`` volume is used for ``.iso`` file storage. In
+ this scenario ``local`` volume type is set to **directory**, abd attached to
+ ``/var/lib/vz``.
+
+* VM Resources: these parameters can be modified as needed.
+
+``seed.iso`` was previously created in directory ``/tmp/``. It's necessary to
+move it to ``/var/lib/vz/template/iso``
+
+.. cfgcmd:: mv /tmp/seed.iso /var/lib/vz/template/iso/
+
+On proxmox server:
+
+.. code-block:: none
+
+ ## Create VM, import disk and define boot order
+ qm create 555 --name vyos-1.3.0-cloudinit --memory 1024 --net0 virtio,bridge=vmbr0
+ qm importdisk 555 vyos-1.3.0-cloud-init-10G-qemu.qcow2 local
+ qm set 555 --virtio0 local:555/vm-555-disk-0.raw
+ qm set 555 --boot order=virtio0
+
+ ## Import seed.iso for cloud init
+ qm set 555 --ide2 media=cdrom,file=local:iso/seed.iso
+
+ ## Since this server has 1 nic, lets add network intefaces (vlan 25 and 26)
+ qm set 555 --net1 virtio,bridge=vmbr0,firewall=1,tag=25
+ qm set 555 --net2 virtio,bridge=vmbr0,firewall=1,tag=26
+
+-----------------------------
+Power on VM and verifications
+-----------------------------
+
+From cli or GUI, power on VM, and after it boots, verify configuration
+
+
+----------
+References
+----------
+
+* VyOS `cloud-init-docs`_.
+
+* Cloud-init `network-config-docs`_.
+
+* Proxmox `Cloud-init-Support`_.
+
+.. stop_vyoslinter
+
+.. _network-config-docs: https://cloudinit.readthedocs.io/en/latest/topics/network-config.html
+.. _vyos-vm-images: https://github.com/vyos/vyos-vm-images
+.. _cloud-init-docs: https://docs.vyos.io/en/equuleus/automation/cloud-init.html?highlight=cloud-init#vyos-cloud-init
+.. _Cloud-init-Support: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#qm_cloud_init
+
+.. start_vyoslinter \ No newline at end of file
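Review bot: The host-side shell commands in this new section (`sudo ansible-playbook qemu.yml ...`, `sudo scp ...`, `cd /tmp/`, `mkisofs ...`, `mv /tmp/seed.iso ...`) are marked up with `.. cfgcmd::`, the directive the other files in this commit use for VyOS `set ...` configuration commands, so they are presented as VyOS CLI; use `.. code-block:: none`, as the `qm` block already does. The "Power on VM and verifications" section ends without a verification step; add the commands to run, for example the `sudo grep vyos /var/log/cloud-init.log` check from the context just above this section. The added text needs a spelling pass: "Bare in mind", "inyected", "Storaged", "obteined", "clonning", "Comming", "Finaly", "carefull", "Doble", "abd", "intefaces". Because the user-data file carries the router configuration, consider a dedicated working directory instead of `/tmp/`, and end the file with a newline.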
diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst
index 8dcc08b0..ab805dac 100644
--- a/docs/changelog/1.3.rst
+++ b/docs/changelog/1.3.rst
@@ -8,6 +8,87 @@
_ext/releasenotes.py
+2022-02-13
+==========
+
+* :vytask:`T4242` (bug): ethernet speed/duplex can never be switched back to auto/auto
+* :vytask:`T4191` (bug): Lost access to host after VRF re-creating
+
+
+2022-02-11
+==========
+
+* :vytask:`T3872` (feature): Add configurable telegraf monitoring service
+* :vytask:`T4234` (bug): Show firewall partly broken in 1.3.x
+
+
+2022-02-10
+==========
+
+* :vytask:`T4165` (bug): Delete custom conntrack timeout firewall bug
+
+
+2022-02-08
+==========
+
+* :vytask:`T4227` (bug): Typo in help completion of hello-time option of bridge interface
+
+
+2022-02-07
+==========
+
+* :vytask:`T4233` (bug): ssh: sync regex for allow/deny usernames to "system login"
+* :vytask:`T4087` (feature): IPsec IKE-group proposals limit of 10 pieces
+
+
+2022-02-06
+==========
+
+* :vytask:`T4228` (bug): bond: OS error thrown when two bonds use the same member
+
+
+2022-02-05
+==========
+
+* :vytask:`T4226` (bug): VRRP transition-script does not work for groups name which contains -(minus) sign
+
+
+2022-02-04
+==========
+
+* :vytask:`T4196` (bug): DHCP server client-prefix-length parameter results in non-functional leases
+
+
+2022-02-03
+==========
+
+* :vytask:`T3643` (bug): show vpn ipsec sa doesn't show tunnels in "down" state
+
+
+2022-02-01
+==========
+
+* :vytask:`T4198` (bug): Error shown on commit
+
+
+2022-01-29
+==========
+
+* :vytask:`T4153` (bug): Monitor bandwidth-test initiate not working
+
+
+2022-01-28
+==========
+
+* :vytask:`T4184` (bug): NTP allow-clients address doesn't work it allows to use ntp server for all addresses
+
+
+2022-01-24
+==========
+
+* :vytask:`T4204` (feature): Update Accel-PPP to a newer revision
+
+
2022-01-17
==========
@@ -1418,7 +1499,7 @@
2021-02-16
==========
-* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.172 / 5.10.92
+* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.178 / 5.10.99
2021-02-14
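Review bot: The T3318 line under the 2021-02-16 heading now reads "v5.4.178 / 5.10.99" instead of "v5.4.172 / 5.10.92", so a dated changelog entry is rewritten in place when the kernel is bumped. If this file is generated by `_ext/releasenotes.py` from the task title, consider emitting a new dated entry per kernel update or leaving the version out of the entry, so the 2021-02-16 record keeps describing what shipped on that date.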
diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst
index 4d9c1ada..1f67151b 100644
--- a/docs/changelog/1.4.rst
+++ b/docs/changelog/1.4.rst
@@ -8,6 +8,114 @@
_ext/releasenotes.py
+2022-02-13
+==========
+
+* :vytask:`T4242` (bug): ethernet speed/duplex can never be switched back to auto/auto
+* :vytask:`T4191` (bug): Lost access to host after VRF re-creating
+
+
+2022-02-11
+==========
+
+* :vytask:`T3872` (feature): Add configurable telegraf monitoring service
+
+
+2022-02-10
+==========
+
+* :vytask:`T4235` (default): Add config tree diff algorithm
+
+
+2022-02-08
+==========
+
+* :vytask:`T4227` (bug): Typo in help completion of hello-time option of bridge interface
+
+
+2022-02-07
+==========
+
+* :vytask:`T4233` (bug): ssh: sync regex for allow/deny usernames to "system login"
+
+
+2022-02-06
+==========
+
+* :vytask:`T4223` (bug): policy route cannot have several entries with the same table
+* :vytask:`T4216` (bug): Firewall: can't use negated groups in firewall rules
+* :vytask:`T4178` (bug): policy based routing tcp flags issue
+* :vytask:`T4164` (bug): PBR: network groups (as well as address and port groups) don't resolve in `nftables_policy.conf`
+* :vytask:`T3970` (feature): Add support for op-mode PKI direct install into an active config session
+* :vytask:`T3828` (bug): ipsec: Subtle change in "pfs enable" behavior from equuleus -> sagitta
+* :vytask:`T4228` (bug): bond: OS error thrown when two bonds use the same member
+
+
+2022-02-05
+==========
+
+* :vytask:`T4226` (bug): VRRP transition-script does not work for groups name which contains -(minus) sign
+
+
+2022-02-04
+==========
+
+* :vytask:`T4196` (bug): DHCP server client-prefix-length parameter results in non-functional leases
+
+
+2022-02-03
+==========
+
+* :vytask:`T4218` (bug): firewall: rule name is not allowed to start with a number
+* :vytask:`T3643` (bug): show vpn ipsec sa doesn't show tunnels in "down" state
+
+
+2022-02-01
+==========
+
+* :vytask:`T4224` (bug): Ethernet interfaces configured for DHCP not working on latest rolling snapshot (vyos-1.4-rolling-202201291849-amd64.iso)
+* :vytask:`T4225` (bug): Performance degration with latest rolling release
+* :vytask:`T4220` (bug): Commit broke dhclient 78b247b724f74bdabab0706aaa7f5b00e5809bc1
+* :vytask:`T4138` (bug): NAT configuration allows to set incorrect port range and invalid port
+
+
+2022-01-29
+==========
+
+* :vytask:`T4153` (bug): Monitor bandwidth-test initiate not working
+
+
+2022-01-28
+==========
+
+* :vytask:`T4184` (bug): NTP allow-clients address doesn't work it allows to use ntp server for all addresses
+* :vytask:`T4217` (bug): firewall: port-group requires protocol to be set - but not in VyOS 1.3
+
+
+2022-01-27
+==========
+
+* :vytask:`T4213` (default): ipv6 policy routing not working anymore
+* :vytask:`T4188` (bug): Firewall does not correctly handle conntracking
+* :vytask:`T3762` (feature): Support network and address groups for policy ipv6-route
+* :vytask:`T3560` (feature): Ability to create groups of MAC addresses
+* :vytask:`T3495` (feature): Modernising port/protocol definitions
+
+
+2022-01-25
+==========
+
+* :vytask:`T4205` (feature): Disable Debian Version in SSH (DebianBanner->no)
+* :vytask:`T4131` (bug): Show firewall group incorrect format members
+
+
+2022-01-24
+==========
+
+* :vytask:`T4204` (feature): Update Accel-PPP to a newer revision
+* :vytask:`T1795` (default): Commit rollback by timeout
+
+
2022-01-23
==========
@@ -1661,7 +1769,7 @@
==========
* :vytask:`T3313` (bug): ospfv3 interface missing options
-* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.172 / 5.10.92
+* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.178 / 5.10.99
2021-02-15
diff --git a/docs/configuration/policy/local-route.rst b/docs/configuration/policy/local-route.rst
index 0b0122ab..e938f3cc 100644
--- a/docs/configuration/policy/local-route.rst
+++ b/docs/configuration/policy/local-route.rst
@@ -8,8 +8,8 @@ Policies for local traffic are defined in this section.
Configuration
*************
-Local Route
-===========
+Local Route IPv4
+================
.. cfgcmd:: set policy local-route rule <1-32765> set table <1-200|main>
@@ -18,3 +18,30 @@ Local Route
.. cfgcmd:: set policy local-route rule <1-32765> source <x.x.x.x|x.x.x.x/x>
Set source address or prefix to match.
+
+.. cfgcmd:: set policy local-route rule <1-32765> destination <x.x.x.x|x.x.x.x/x>
+
+ Set destination address or prefix to match.
+
+.. cfgcmd:: set policy local-route rule <1-32765> inbound-interface <interface>
+
+ Set inbound interface to match.
+
+Local Route IPv6
+================
+
+.. cfgcmd:: set policy local-route6 rule <1-32765> set table <1-200|main>
+
+ Set routing table to forward packet to.
+
+.. cfgcmd:: set policy local-route6 rule <1-32765> source <h:h:h:h:h:h:h:h|<h:h:h:h:h:h:h:h/x>
+
+ Set source address or prefix to match.
+
+.. cfgcmd:: set policy local-route6 rule <1-32765> destination <h:h:h:h:h:h:h:h|<h:h:h:h:h:h:h:h/x>
+
+ Set destination address or prefix to match.
+
+.. cfgcmd:: set policy local-route6 rule <1-32765> inbound-interface <interface>
+
+ Set inbound interface to match. \ No newline at end of file
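Review bot: The IPv6 `source` and `destination` placeholders have an unbalanced angle bracket: `<h:h:h:h:h:h:h:h|<h:h:h:h:h:h:h:h/x>` opens `<` twice and closes it once. Follow the IPv4 form `<x.x.x.x|x.x.x.x/x>` and write `<h:h:h:h:h:h:h:h|h:h:h:h:h:h:h:h/x>`. The last added line also has no trailing newline.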
diff --git a/docs/configuration/protocols/bfd.rst b/docs/configuration/protocols/bfd.rst
index 60f9ffd0..dac1bf0f 100644
--- a/docs/configuration/protocols/bfd.rst
+++ b/docs/configuration/protocols/bfd.rst
@@ -1,4 +1,4 @@
-:lastproofread: 2021-09-28
+:lastproofread: 2022-02-05
.. include:: /_include/need_improvement.txt
@@ -72,11 +72,11 @@ Enable BFD in BGP
Enable BFD in OSPF
------------------
-.. cfgcmd:: set interfaces ethernet <interface> ip ospf bfd
+.. cfgcmd:: set protocols ospf interface <interface> bfd
Enable BFD for OSPF on an interface
-.. cfgcmd:: set interfaces ethernet <interface> ipv6 ospfv3 bfd
+.. cfgcmd:: set protocols ospfv3 interface <interface> bfd
Enable BFD for OSPFv3 on an interface
@@ -93,7 +93,7 @@ Enable BFD in ISIS
Operational Commands
====================
-.. opcmd:: show protocols bfd peer
+.. opcmd:: show bfd peers
Show all BFD peers
diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst
index 9d0e0855..357203fd 100644
--- a/docs/configuration/service/dhcp-server.rst
+++ b/docs/configuration/service/dhcp-server.rst
@@ -21,6 +21,16 @@ address.
Configuration
=============
+.. cfgcmd:: set service dhcp-server hostfile-update
+
+ Create DNS record per client lease, by adding clients to /etc/hosts file.
+ Entry will have format: `<shared-network-name>_<hostname>.<domain-name>`
+
+.. cfgcmd:: set service dhcp-server host-decl-name
+
+ Will drop `<shared-network-name>_` from client DNS record, using only the
+ host declaration name and domain: `<hostname>.<domain-name>`
+
.. cfgcmd:: set service dhcp-server shared-network-name <name> domain-name <domain-name>
The domain-name parameter should be the domain name that will be appended to
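Review bot: The `host-decl-name` text only says it drops the `<shared-network-name>_` prefix from the record that `hostfile-update` creates, and does not say whether it has any effect when `hostfile-update` is not set; state the dependency between the two options. Both record formats are written in single backticks, which reStructuredText treats as the default role rather than a literal; use double backticks, as the cloud-init section in this commit does for file names.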
diff --git a/docs/configuration/vpn/ipsec.rst b/docs/configuration/vpn/ipsec.rst
index 590f6023..7194057d 100644
--- a/docs/configuration/vpn/ipsec.rst
+++ b/docs/configuration/vpn/ipsec.rst
@@ -174,8 +174,8 @@ On the LEFT:
# GRE tunnel
set interfaces tunnel tun0 encapsulation gre
- set interfaces tunnel tun0 local-ip 192.0.2.10
- set interfaces tunnel tun0 remote-ip 203.0.113.45
+ set interfaces tunnel tun0 source-address 192.0.2.10
+ set interfaces tunnel tun0 remote 203.0.113.45
set interfaces tunnel tun0 address 10.10.10.1/30
## IPsec
@@ -226,8 +226,8 @@ On the LEFT:
set interfaces tunnel tun0 encapsulation gre
set interfaces tunnel tun0 address 10.10.10.1/30
- set interfaces tunnel tun0 local-ip 192.168.99.1
- set interfaces tunnel tun0 remote-ip 192.168.99.2
+ set interfaces tunnel tun0 source-address 192.168.99.1
+ set interfaces tunnel tun0 remote 192.168.99.2
On the RIGHT:
@@ -237,8 +237,8 @@ On the RIGHT:
set interfaces tunnel tun0 encapsulation gre
set interfaces tunnel tun0 address 10.10.10.2/30
- set interfaces tunnel tun0 local-ip 192.168.99.2
- set interfaces tunnel tun0 remote-ip 192.168.99.1
+ set interfaces tunnel tun0 source-address 192.168.99.2
+ set interfaces tunnel tun0 remote 192.168.99.1
**Setting up IPSec**
@@ -247,7 +247,7 @@ tricky part is that pre-shared secret authentication doesn't work with dynamic
address, so we'll have to use RSA keys.
First, on both routers run the operational command "generate pki key-pair
-install <key-pair nam>>". You may choose different length than 2048 of course.
+install <key-pair name>". You may choose different length than 2048 of course.
.. code-block:: none
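Review bot: In the last hunk the corrected command is "generate pki key-pair install <key-pair name>", which takes no length argument, yet the sentence kept after it still says "You may choose different length than 2048 of course". Either say where the key length is chosen (for instance, if the command prompts for it) or drop the sentence.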
diff --git a/docs/documentation.rst b/docs/documentation.rst
index 00db6e56..77cd5cc4 100644
--- a/docs/documentation.rst
+++ b/docs/documentation.rst
@@ -91,7 +91,7 @@ access to the official codebase.
for writing our docs. Additional directives how to write in RST can be
obtained from reStructuredTextDirectives_.
-* Check your changes by locally building the documentation ``$ make html``.
+* Check your changes by locally building the documentation ``$ make livehtml``.
Sphinx will build the html files in the ``docs/_build`` folder. We provide
you with a Docker container for an easy-to-use user experience. Check the
README.md_ file of this repository.
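Review bot: The command changes to `make livehtml`, but the sentence that follows still describes a one-off build ("Sphinx will build the html files in the ``docs/_build`` folder"). Say what `livehtml` does differently from `make html`, or keep `make html` as the documented check and mention `livehtml` as an alternative.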
diff --git a/docs/installation/virtual/proxmox.rst b/docs/installation/virtual/proxmox.rst
index 43c478f5..d3d77dc6 100644
--- a/docs/installation/virtual/proxmox.rst
+++ b/docs/installation/virtual/proxmox.rst
@@ -7,31 +7,49 @@ Running on Proxmox
Proxmox is an open-source platform for virtualization. Users with a support
subscription can download a qcow2 image that can be imported into Proxmox.
-Deploy VyOS from CLI
-====================
+Deploy VyOS from CLI with qcow2 image
+=====================================
+ A prebuilt image in qcow2 format is available to all VyOS subscribers for download and use directly within Proxmox.
-Copy the qcow2 image to a temporary directory on the Proxmox server.
-
-The commands below assume that virtual machine ID 200 is unused and that
-the user wants the disk stored in a storage pool called `local-lvm`.
+1. Copy the qcow2 image to a temporary directory on the Proxmox server.
+2. The commands below assume that virtual machine ID 200 is unused and that the user wants the disk stored in a storage pool called `local-lvm`.
.. code-block:: none
$ qm create 200 --name vyos2 --memory 2048 --net0 virtio,bridge=vmbr0
- $ qm importdisk 200 vyos-1.2.8-proxmox-2G.qcow2 local-lvm
+ $ qm importdisk 200 /path/to/image/vyos-1.2.8-proxmox-2G.qcow2 local-lvm
$ qm set 200 --virtio0 local-lvm:vm-200-disk-0
$ qm set 200 --boot order=virtio0
-Optionally, the user can attach a CDROM with an ISO as a cloud-init data
-source. The below command assumes the ISO has been uploaded to the
-`local` storage pool with the name `seed.iso`.
+3. Optionally, the user can attach a CDROM with an ISO as a cloud-init data source. The below command assumes the ISO has been uploaded to the `local` storage pool with the name `seed.iso`.
+
+.. code-block:: none
+
+ $ qm set 200 --ide2 media=cdrom,file=local:iso/seed.iso
+
+4. Start the virtual machine in the proxmox GUI or CLI using ``qm start 200``.
+
+
+
+Deploy VyOS from CLI with rolling release ISO
+=============================================
+
+1. Download the rolling release iso from https://vyos.net/get/nightly-builds/. Non-subscribers can always get the LTS release by building it from source. Instructions can be found in the :ref:`build` section of this manual. VyOS source code repository is available https://github.com/vyos/vyos-build.
+2. Prepare VM for installation from ISO media. The commands below assume that your iso is available in a storage pool 'local', that you want it to have a VM ID '200' and want to create a new disk on storage pool 'local-lvm' of size 15GB.
.. code-block:: none
- $ qm set 101 --ide2 media=cdrom,file=local:iso/seed.iso
+ qm create 200 --name vyos --memory 2048 --net0 virtio,bridge=vmbr0 --ide2 media=cdrom,file=local:iso/live-image-amd64.hybrid.iso --virtio0 local-lvm:15
+3. Start the VM using the command ``qm start 200`` or using the start button located in the proxmox GUI.
+4. Using the proxmox webGUI, open the virtual console for your newly created vm. Login username/password is ``vyos/vyos``.
+5. Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive.
+6. After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``.
+7. Reboot the virtual machine using the GUI or ``qm reboot 200``.
+
+
+
-Start the virtual machine in the proxmox GUI or CLI using ``qm start 200``.
Visit https://www.proxmox.com/en/ for more information about the download
and installation of this hypervisor.
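Review bot: The new numbered steps will not render as one list: the line "A prebuilt image in qcow2 format ..." is indented under the section title and becomes a block quote, and the `.. code-block::` directives between steps 2, 3 and 4 are not indented under their items, so the list breaks at each block. Indent the code blocks to the item text, wrap the long lines at 80 columns as the other files in this commit do, and keep the `$` prompt consistent (the rolling-release `qm create` line has none). Step 4 of the ISO procedure gives the login as ``vyos/vyos``; say at which step that default password is replaced. The text also says "size 15GB" while the command passes `local-lvm:15`; state the unit the command expects.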
diff --git a/docs/introducing/history.rst b/docs/introducing/history.rst
index 9a13e2b3..054eecd6 100644
--- a/docs/introducing/history.rst
+++ b/docs/introducing/history.rst
@@ -4,44 +4,126 @@
History
#######
-VyOS is a Linux-based network operating system that provides software-based
-network routing, firewall, and VPN functionality.
-
-The VyOS project was started in late 2013 as a community fork of the
-`GPL <https://en.wikipedia.org/wiki/GNU_General_Public_License>`_ portions of
-Vyatta Core 6.6R1 with the goal of maintaining a free and open source network
-operating system in response to the decision to discontinue the community
-edition of Vyatta. Here everyone loves learning, older managers and new users.
-
-VyOS is primarily based on `Debian GNU/Linux <https://www.debian.org/>`_ and
-the `Quagga <http://www.nongnu.org/quagga/>`_ routing engine. Its configuration
-syntax and :ref:`cli` are loosely derived from Juniper JUNOS as modelled by the
-`XORP project <http://www.xorp.org/>`_, which was the original routing engine
-for Vyatta.
-
-In the 4.0 release of Vyatta, the routing engine was changed to Quagga. As of
-VyOS version 1.2, VyOS now uses `FRRouting <https://frrouting.org/>`_ as the
-routing engine.
-
-How is VyOS different from any other router distributions and platform?
-
-- It's more than just a firewall and VPN, VyOS includes extended routing
- capabilities like OSPFv2, OSPFv3, BGP, VRRP, and extensive route policy
- mapping and filtering
-- Unified command line interface in the style of hardware routers.
-- Scriptable CLI
-- Stateful configuration system: prepare changes and commit at once or discard,
- view previous revisions or rollback to them, archive revisions to remote
- server and execute hooks at commit time
-- Image-based upgrade: keep multiple versions on the same system and revert to
- previous image if a problem arises
-- Multiple VPN capabilities: OpenVPN, IPSec, Wireguard, DPMVPN, IKEv2 and more
-- DHCP, TFTP, mDNS repeater, broadcast relay and DNS forwarding support
-- Both IPv4 and IPv6 support
-- Runs on physical and virtual platforms alike: small x86 boards, big servers,
- KVM, Xen, VMware, Hyper-V, and more
-- Completely free and open source, with documented internal APIs and build
- procedures
-- Community driven. Patches are welcome and all code, bugs, and nightly builds
- are publicly accessible
+In the beginning...
+===================
+There once was a network operating system based on Debian GNU/Linux,
+called Vyatta. [*]_ 2006 onwards, it was a great free software
+alternative to Cisco IOS and Jupiter JUNOS. It came in two editions:
+Vyatta Core (previously Vyatta Community Edition) that was completely
+free software, and Vyatta Subscription Edition that had proprietary
+features and was only available to paying customers. [*]_
+
+Vyatta was acquired by Brocade Communication Systems in 2012. Shortly
+after, Brocade renamed Vyatta Subscription Edition to Brocade vRouter,
+discontinued Vyatta Core and shut down the community forum without a
+notice. The bug tracker and Git repositories followed next year.
+
+It's worth noting that by the time Brocade acquired Vyatta,
+development of Vyatta Core was already stagnated. Vyatta Subscription
+Edition (and thus, Vyatta development as a whole) had been replacing
+core components with proprietary software, meaning few features made
+it to Vyatta Core, and those that did were bug-ridden and hamstrung.
+
+In 2013, soon after Vyatta Core was abandoned, the community forked
+the last Vyatta Core version (6.6R1) and VyOS Project came into being.
+`Sentrium SL <https://blog.vyos.io/sentrium-what-sentrium>`_ was
+established by VyOS maintainers in 2014 to fund VyOS development by
+selling support, consulting services and prebuilt long-term support
+images.
+
+Brocade was acquired by Broadcom in 2016 and sold what remains of
+erstwhile Vyatta to AT&T in 2017, who in turn sold it to Ciena in 2021.
+
+
+Major releases
+==============
+
+VyOS major versions used to be named after elements in order of atomic
+numbers. With 1.2, this naming scheme was replaced with the much
+cooler scheme of Latin names of IAU designated constellations by solid
+angle area, starting from the smallest.
+
+Hydrogen (1.0)
+--------------
+
+Released just in time for holidays on 22 December 2013, Hydrogen was
+the first major VyOS release. It fixed features that were broken in
+Vyatta Core 6.6 (such as IPv4 BGP peer groups and DHCPv6 relay) and
+introduced command scripting, a task scheduler and web proxy LDAP
+authentication.
+
+Helium (1.1)
+------------
+
+Helium was released on 9 October 2014, exactly on the day VyOS Project
+first came into being in the previous year. Helium came with a lot of
+new features, including an event handler and support for L2TPv3,
+802.1ad QinQ and IGMP proxy, as well as experimental support for VXLAN
+and DMVPN (the latter of which was also broken in Vyatta Core due to
+its reliance on a proprietary NHRP implementation).
+
+Crux (1.2)
+----------
+
+Crux (the Southern Cross) came out on 28 January 2019 and was the
+first major release of VyOS as we know it today. The underlying
+Debian base was upgraded from Squeeze (6) to Jessie (8).
+
+Although Crux came with too many new features to mention here, some
+noteworthy ones are: an mDNS repeater, a broadcast relay,
+a high-performance PPPoE server, an HFSC scheduler, as well as support
+for Wireguard, unicast VRRP, RPKI for BGP and fully 802.1ad-compliant
+QinQ ethertype. The telnet server and support for P2P filtering were
+removed.
+
+Crux is the first version to feature the modular image build system.
+CLI definitions began to be written in the modern, verifiable XML
+templates. Python APIs were introduced for command scripting and
+configuration migration. Introduction of new Perl and shell code was
+proscribed and the rewriting of legacy Perl code in pure Python began
+with Crux.
+
+As of 2022, Crux is still supported and maintained.
+
+Equuleus (1.3)
+--------------
+
+The current long-term support version of VyOS, Equuleus (the Pony)
+came out on 21 December 2021, once again in time for the winter
+holidays.
+
+Equuleus brought many long-desired features with it, most notably
+an SSTP VPN server, an IPoE server, an OpenConnect VPN server and
+a serial console server, in addition to reworked support for WWAN
+interfaces, support for GENEVE and MACSec interfaces, VRF, IS-IS
+routing, preliminary support for MPLS and LDP, and many other
+initialisms.
+
+As of 2022, Equuleus is in the stable.
+
+Sagitta (1.4)
+-------------
+
+Sagitta (the Arrow) is the codename of the current development
+branch, so there's no VyOS 1.4 yet.
+
+A note on copyright
+===================
+
+Unlike Vyatta, VyOS never had (nor will ever have) proprietary code.
+The only proprietary material in VyOS is non-code assets, such as
+graphics and the trademark "VyOS". [*]_ This means you can build your
+own long-term support images (as the entire toolchain we use is free
+software) and even distribute them, given you rename it and remove
+such assets before building. Although note that we do not provide
+support for images distributed by a third-party. See the
+`artwork license <https://github.com/vyos/vyos-build/blob/current/LICENSE.artwork>`_
+and the end-user license agreement at ``/usr/share/doc/vyos/EULA`` in
+any pre-built image for more precise information.
+
+
+.. [*] From the Sanskrit adjective "Vyātta" (व्यात्त), meaning opened.
+.. [*] A business model comparable to that of Redis, rather than that
+ of VyOS today.
+.. [*] This is not unlike how Linus Torvalds owns the trademark "Linux".
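Review bot: "Jupiter JUNOS" in the added "In the beginning..." paragraph should read "Juniper JUNOS", which is how the removed text spelled it. In the Equuleus section, "As of 2022, Equuleus is in the stable." reads as cut off; please state the release status in full. Smaller wording points: "was already stagnated" should be "had already stagnated", and "a third-party" should be "a third party" when used as a noun. The removed lines also carried the routing-engine history (XORP, then Quagga, then FRRouting as of 1.2) and the feature list, neither of which appears in the added text shown here; if they are not being moved to another page, consider keeping at least the routing-engine note in the Crux section.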