############
1.5 Circinus
############

..
   Please don't add anything by hand.
   This file is managed by the script:
   _ext/releasenotes.py


2024-04-14
==========

* :vytask:`T6210` ``(feature): Add container ability to configure capability sys-nice``


2024-04-13
==========

* :vytask:`T6173` ``(bug): Build Causes Errors When "--version" Contains Slashes ("/")``
* :vytask:`T2518` ``(feature): Support NAT for ipv6(NPT)``


2024-04-12
==========

* :vytask:`T6214` ``(bug): Error when using some constraints``
* :vytask:`T6213` ``(bug): Firewall group constraints``
* :vytask:`T6222` ``(bug): VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters``
* :vytask:`T6218` ``(bug): Container network interface in VRF fails to generate IPv6 link-local address``
* :vytask:`T5044` ``(feature): High Availability in DHCPv6 -ISC DHCP Failover/Kea``
* :vytask:`T6166` ``(bug): Tech support generation error for custom output location``
* :vytask:`T344` ``(feature): Software basesd FastPath``


2024-04-11
==========

* :vytask:`T4516` ``(feature): Rewrite system image manipulation tools in Python``
* :vytask:`T4548` ``(feature): GRUB loader configuration rework``
* :vytask:`T6228` ``(bug): Cleanup of not existing units``


2024-04-10
==========

* :vytask:`T6207` ``(bug): image-tools: restore ability to copy config.boot.default on image install``
* :vytask:`T6106` ``(bug): Valid commit error for route-reflector-client option defined in peer-group``
* :vytask:`T5750` ``(bug): Upgrade from 1.3.4 to 1.4 Rolling fails QoS``
* :vytask:`T5740` ``(bug): Generate wiregurad keys via HTTP-API fails``
* :vytask:`T6206` ``(bug): L2tp smoketest fails if vyos-configd is running``
* :vytask:`T5858` ``(bug): Show conntrack statistics formatting is all over the place``


2024-04-09
==========

* :vytask:`T6121` ``(feature): Extend service config-sync for sections  vpn, policy, vrf``


2024-04-08
==========

* :vytask:`T6197` ``(bug): IPoE-server interface client-subnet looks broken or works with the wrong logic``
* :vytask:`T6196` ``(bug): Route-map and summary-only do not work in BGP aggregation at the same time``
* :vytask:`T6068` ``(feature): dhcp server: allow switching between load-balanced and hotspare mode``


2024-04-07
==========

* :vytask:`T6205` ``(bug): ipoe: error in migration script logic while renaming mac-address to mac node``
* :vytask:`T5862` ``(bug): Default MTU is not acceptable in some environments``
* :vytask:`T6208` ``(feature): container: rename "cap-add" CLI node to "capability"``
* :vytask:`T6188` ``(feature): Add Firewall Rule Description to "show firewall" commands``
* :vytask:`T1244` ``(default): Support for StartupResync in conntrackd``


2024-04-06
==========

* :vytask:`T6203` ``(enhancment): Remove obsoleted xml lib``
* :vytask:`T6202` ``(bug): Multi-Protocol BGP is broken by 6PE patch in upstream FRR 9.1``


2024-04-05
==========

* :vytask:`T6089` ``(bug): [1.3.6->1.4.0-epa1 Migration] "ospf passive-interface default" incorrectly added``
* :vytask:`T2590` ``(bug): DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c``
* :vytask:`T6199` ``(feature): spring cleaning - drop unused Python imports``


2024-04-04
==========

* :vytask:`T6119` ``(default): Use a compliant TOML parser``
* :vytask:`T6171` ``(feature): dhcp server fail-over - Rename fail-over node``
* :vytask:`T6128` ``(bug): minisign.pub is wrong on https://vyos.net/get/nightly-builds/``
* :vytask:`T5882` ``(feature): vyos-utils: move to Dune as build system``
* :vytask:`T5864` ``(default): 'show ntp' Commands Not Working``
* :vytask:`T3843` ``(bug): l2tp configuration not cleared after delete``
* :vytask:`T2187` ``(feature): Python Unit testing``
* :vytask:`T788` ``(bug): Nightly builds are not signed``


2024-04-03
==========

* :vytask:`T6198` ``(feature): configverify: add common helper for PKI certificate validation``
* :vytask:`T6192` ``(feature): Multi VRF support for SSH``


2024-04-02
==========

* :vytask:`T6167` ``(bug): VNI not set on VRF after reboot``
* :vytask:`T6151` ``(default): BGP VRF - Route-leaking not work when the next-hop is a recursive route.``
* :vytask:`T6033` ``(bug): hsflowd fails to start when using a tunnel interface``


2024-04-01
==========

* :vytask:`T6195` ``(feature): dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1``
* :vytask:`T6193` ``(bug): dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces``
* :vytask:`T6178` ``(bug): Reverse-proxy should check that certificate exists during commit``


2024-03-31
==========

* :vytask:`T6186` ``(bug): Fix regression in 'set system image default-boot'``
* :vytask:`T5832` ``(feature): Keepalived: Allow using the 'dev' statement on excluded-addresses``


2024-03-29
==========

* :vytask:`T6159` ``(bug): Openvpn Server Op-cmd adds heading "OpenVPN status on vtunx" for every client connection``


2024-03-28
==========

* :vytask:`T6147` ``(bug): Conntrack not working as expected with global state-policy``
* :vytask:`T6175` ``(bug): op-mode: "renew dhcp interface <name>" does not check if it's an actual DHCP interface``
* :vytask:`T6102` ``(bug): Clear dhcp-server lease throws python exception on 1.5-rolling``


2024-03-26
==========

* :vytask:`T6066` ``(bug): Setting same network in different ospf area will raise exception``


2024-03-25
==========

* :vytask:`T6145` ``(bug): Service config-sync does not rely on priorities but must``


2024-03-24
==========

* :vytask:`T6161` ``(feature): Output container images as JSON``
* :vytask:`T6165` ``(bug): grub: vyos-grub-update failed to start on "slow" systems``
* :vytask:`T6085` ``(bug): VTI interfaces are in UP state by default``
* :vytask:`T6152` ``(bug): Kernel panic for ZimaBoard 232``


2024-03-23
==========

* :vytask:`T6160` ``(bug): isis: NameError: name 'process' is not defined``
* :vytask:`T6131` ``(bug): Disabling openvpn interface(s) causes OSPF to fail to load on reboot``
* :vytask:`T4022` ``(feature): Add package nat-rtsp-dkms``


2024-03-22
==========

* :vytask:`T6136` ``(bug): Configuring a dynamic address group, config script did not check whether the group was created``
* :vytask:`T6130` ``(bug): [1.3.6->1.4.0-epa2 Migration] BGP "set community" missing``
* :vytask:`T6090` ``(bug): [1.3.6->1.4.0-epa1 Migration] policy route fails due tcp flag case sensitivity``
* :vytask:`T6155` ``(default): ixgbe: failed to initialize because an unsupported SFP+ module type was detected.``
* :vytask:`T6125` ``(feature): Support 802.1ad (0x88a8) vlan filtering for bridge``


2024-03-21
==========

* :vytask:`T6143` ``(feature): Increase configuration timeout range for service config-sync``


2024-03-20
==========

* :vytask:`T6133` ``(feature): Add domain-name to commit-archive``
* :vytask:`T6129` ``(feature): bgp: add route-map option "as-path exclude all"``


2024-03-19
==========

* :vytask:`T6127` ``(bug): Ability to view logs for rules with Offload not functional``
* :vytask:`T6138` ``(bug): Conntrack table op-mode fails with flowtable offload entries``


2024-03-15
==========

* :vytask:`T6118` ``(feature): radvd: RFC8781: add nat64prefix support``


2024-03-12
==========

* :vytask:`T6020` ``(bug): VRRP health-check script is not applied correctly in keepalived.conf``
* :vytask:`T5646` ``(bug): QoS policy limiter broken if class without match``


2024-03-11
==========

* :vytask:`T6098` ``(bug): Description doesnt seem to allow for non international characters``
* :vytask:`T2998` ``(bug): SNMP v3 oid "exclude" option doesn't work``
* :vytask:`T6107` ``(bug): Nginx does not allow big config queries for configure endpoint API``
* :vytask:`T6096` ``(bug): Config commits are not synced properly because 00vyos-sync is deleted by vyos-router``
* :vytask:`T6093` ``(bug): Incorrect dhcp-options vendor-class-id regex``
* :vytask:`T6083` ``(feature): ethtool: move string parsing to JSON parsing``
* :vytask:`T6069` ``(bug): HTTP API segfault during concurrent configuration requests``
* :vytask:`T6057` ``(feature): Add ability to disable syslog for conntrackd``
* :vytask:`T5504` ``(feature): Keepalived VRRP ability to set more than one peer-address``
* :vytask:`T5717` ``(feature): ospfv3 - add  allow to set metric-type to ospf redistribution while frr docs says its possible.``
* :vytask:`T6071` ``(bug): firewall: CLI description limit of 256 characters cause config upgrade issues``


2024-03-08
==========

* :vytask:`T6086` ``(bug): NAT does not work with network-groups``
* :vytask:`T6094` ``(bug): Destination Nat not Making Firewall Rules``
* :vytask:`T6061` ``(bug): connection-status nat destination firewall filter not working in 1.4.0-epa1``
* :vytask:`T6075` ``(bug): Applying firewall rules with a non-existent interface group``


2024-03-07
==========

* :vytask:`T6104` ``(bug): Regression in commit-archive for non-interactive configuration``
* :vytask:`T6084` ``(bug): OpenNHRP DMVPN configuration file clean after reboot if we have any IPSec configuration``
* :vytask:`T5348` ``(bug): Service config-sync can freeze the secondary router if it has commit-archive location``
* :vytask:`T6073` ``(bug): Conntrack/NAT not being disabled when VRFs are defined``
* :vytask:`T6095` ``(default): Tab completion for "set interfaces wireless wlan0 country-code" incorrect country "uk"``


2024-03-06
==========

* :vytask:`T6079` ``(bug): dhcp: migration fails for duplicate static-mapping``
* :vytask:`T6063` ``(default): Kea DHCP: Expose match-client-id setting``
* :vytask:`T5992` ``(default): DHCP: show dhcp server leases not showing all leases``


2024-03-05
==========

* :vytask:`T5903` ``(bug): NHRP donĀ“t start on reboot from version 1.5-rolling-202401010026``
* :vytask:`T2447` ``(feature): Additional Boot Argument Configuration to limit CPU C-States``


2024-03-04
==========

* :vytask:`T6087` ``(feature): ospfv3: add support to redistribute IS-IS routes``


2024-03-02
==========

* :vytask:`T6081` ``(bug): QoS policy shaper target and interval wrong calcuations``


2024-02-29
==========

* :vytask:`T6078` ``(feature): Update ethtool to 6.6``
* :vytask:`T6077` ``(feature): banner: implement ASCII contest winner default logo``
* :vytask:`T6074` ``(feature): container: do not allow deleting images which have a container running``


2024-02-28
==========

* :vytask:`T4270` ``(bug): dns forwarding - When "ignore-hosts-file" is unset, local hostname of router resolves to 127.0.1.1``


2024-02-26
==========

* :vytask:`T6064` ``(bug): Can not build VyOS if repository it not cloned to a branch``
* :vytask:`T5754` ``(default): Update to StrongSwan 5.9.11``


2024-02-25
==========

* :vytask:`T6060` ``(feature): op-mode: container: support removing all container images at once``


2024-02-24
==========

* :vytask:`T5909` ``(bug): Container registry with authentication prevents config load (section container) after reboot``


2024-02-23
==========

* :vytask:`T5376` ``(bug): Conntrack FTP helper does not work properly``


2024-02-22
==========

* :vytask:`T6048` ``(bug): Exception in event handler script``


2024-02-21
==========

* :vytask:`T6050` ``(bug): Wrong scripting commands descriptions in accel-ppp services``
* :vytask:`T3771` ``(feature): DHCPv6 server prefix delegation - dynamically add route to delegated prefix via requesting router``


2024-02-19
==========

* :vytask:`T5971` ``(default): Create the same view of ppp section  for all accel-ppp services``
* :vytask:`T6029` ``(default): Rewrite Accel-PPP services to an identical feature set``
* :vytask:`T3722` ``(bug): op-mode IPSec show vpn ike sa always shows L-TIME 0``


2024-02-18
==========

* :vytask:`T6043` ``(bug): VxLAN and bridge error bug``
* :vytask:`T6041` ``(bug): image-tools: install fails from PXE boot into live iso due to restrictive logic``


2024-02-17
==========

* :vytask:`T5972` ``(feature): login: add possibility to disable individual local user accounts``


2024-02-16
==========

* :vytask:`T6009` ``(bug): Firewall - Time not working properly when not using UTC``
* :vytask:`T6005` ``(bug): Error on adding a wireguard interface to OSPFv3``
* :vytask:`T6019` ``(feature): Bump nftables and libnftnl version``
* :vytask:`T6001` ``(default): Add option to enable resolve-via-default``
* :vytask:`T5965` ``(bug): WWAN modems using raw-ip do not work with dhclient/dhcp6c``
* :vytask:`T5245` ``(bug): Wireless interfaces do not get IPv6 link-local address assigned``


2024-02-15
==========

* :vytask:`T5977` ``(bug): nftables: Operation not supported when using match-ipsec in outbound firewall``
* :vytask:`T2612` ``(bug): HTTPS API, changing API key fails but goes through``
* :vytask:`T5989` ``(bug): IP subnets not usable in UPnP ACLs``
* :vytask:`T5719` ``(default): mdns repeater: Add op-mode commands``
* :vytask:`T4839` ``(feature): Dynamic Firewall groups``


2024-02-14
==========

* :vytask:`T6034` ``(feature): rpki: move file based SSH keys for authentication to PKI subsystem``
* :vytask:`T5981` ``(bug): IPsec site-to-site migrated PKI ca certificates are created with an '@'``
* :vytask:`T5930` ``(bug): vrf - route-leak not work using route-target both command.``
* :vytask:`T5709` ``(bug): IPoE-server fails if next pool mentioned but not defined``
* :vytask:`T2044` ``(bug): RPKI doesn't boot properly``
* :vytask:`T6032` ``(feature): bgp: add EVPN MAC-VRF Site-of-Origin support``
* :vytask:`T5960` ``(default): Rewriting authentication section in accel-ppp services``


2024-02-13
==========

* :vytask:`T5928` ``(bug): Configuration fails to load on boot if offloading has VLAN interfaces defined``
* :vytask:`T5064` ``(bug): Value validation for domain-groups seems to be broken``


2024-02-12
==========

* :vytask:`T6010` ``(bug): Support setting multiple values in BGP path-attribute``
* :vytask:`T6004` ``(bug): RPKI is not configured``
* :vytask:`T5952` ``(default): DHCP allow same MAC Address on same subnet``
* :vytask:`T5849` ``(feature): Add SRv6 route commands``


2024-02-10
==========

* :vytask:`T6023` ``(bug): rpki: add support for CLI knobs expire-interval and retry-interval``


2024-02-09
==========

* :vytask:`T6028` ``(bug): QoS policy shaper wrong class_id_max and default_minor_id``
* :vytask:`T6026` ``(bug): QoS hide attempts to delete qdisc from devices``
* :vytask:`T5788` ``(feature): frr: update to 9.1 release``
* :vytask:`T5703` ``(bug): QoS config on pppoe interface resets back to fq_codel after tunnel reboots``
* :vytask:`T5685` ``(feature): Keepalived VRRP prefix is not necessary for the virtual address``


2024-02-08
==========

* :vytask:`T6014` ``(feature): Bump keepalived version``
* :vytask:`T5910` ``(bug): Grub problem(?) Serial Console no longer working``
* :vytask:`T6021` ``(bug): QoS r2q wrong calculation``


2024-02-07
==========

* :vytask:`T6017` ``(bug): Update vyos-http-api-tools for security advisory``
* :vytask:`T6016` ``(bug): Resolve intermittent failures in cleanup function after failed image install``
* :vytask:`T6024` ``(feature): bgp: add additional missing FRR features``
* :vytask:`T6011` ``(feature): rpki: known-hosts-file is no longer supported by FRR CLI - remove VyOS CLI node``
* :vytask:`T5998` ``(feature): replay_window setting under vpn in config``


2024-02-06
==========

* :vytask:`T6018` ``(default): smoketest: updating http-api framework requires a pause before test``
* :vytask:`T5921` ``(bug): Trying to commit an OpenConnect configuration without any local users results in an exception``
* :vytask:`T5687` ``(feature): Implement ECS settings for PowerDNS recursor``


2024-02-05
==========

* :vytask:`T5974` ``(bug): QoS policy shaper is currently miscalculating bandwidth and ceil values for the default class``
* :vytask:`T5865` ``(feature): Rewrite ipv6 pool section to ipv6 named pools in Accel-ppp services``


2024-02-02
==========

* :vytask:`T5739` ``(bug): Password recovery does not work if public keys are configured``
* :vytask:`T5955` ``(feature): Rootless containers/set uid/gid for container``
* :vytask:`T6003` ``(feature): Add 'show rpki as-number' and 'show rpki prefix'``
* :vytask:`T5848` ``(feature): Add triple-isolate flow isolation option to CAKE QoS policy``


2024-02-01
==========

* :vytask:`T5995` ``(bug): Kernel NIC-drivers for Huawei NICs are not properly enabled``
* :vytask:`T5978` ``(bug): ethernet: hw-tc-offload does not actually get enabled on the NIC``
* :vytask:`T5979` ``(enhancment): Add configurable kernel boot parameters``
* :vytask:`T5973` ``(bug): vrf: RTNETLINK answers: File exists``
* :vytask:`T5967` ``(bug): Multi-hop BFD connections can't be established; please add minimum-ttl option.``
* :vytask:`T5619` ``(default): Update the Intel ixgbe driver due to issues with Intel X533``


2024-01-31
==========

* :vytask:`T6000` ``(bug): [1.3.x -> 1.5.x] migrating threw exception in /opt/vyatta/etc/config-migrate/migrate/https/5-to-6, performed workaround``
* :vytask:`T5999` ``(bug): load-balancing reverse-proxy can't configure root as a redirect``


2024-01-30
==========

* :vytask:`T5980` ``(feature): Add image-tools support for configurable kernel boot options``


2024-01-29
==========

* :vytask:`T5988` ``(bug): image-tools: a check of valid image name is missing from 'add image'``
* :vytask:`T5994` ``(bug): Fix typo in 'remote' module preventing 'add system image' via ftp``


2024-01-26
==========

* :vytask:`T5957` ``(bug): Firewall fails to delete inbound-interface name``
* :vytask:`T5779` ``(bug): custom conntrack timeout rule not applicable``
* :vytask:`T5984` ``(feature): Add user util numactl``


2024-01-25
==========

* :vytask:`T5983` ``(bug): image-tools: minor regression in pruning version files in compatibility mode``
* :vytask:`T5927` ``(bug): QoS policy shaper-hfsc class does not have a `bandwidth` node but requires one in the check``
* :vytask:`T5834` ``(bug): Rename 'enable-default-log' to 'default-log'``


2024-01-22
==========

* :vytask:`T5968` ``(feature): hsflowd: add VRF support``
* :vytask:`T5961` ``(bug): QoS policy shaper vif with ceiling fails on commit``
* :vytask:`T5958` ``(bug): QoS policy shaper-hfsc is not implemented``
* :vytask:`T5969` ``(feature): op-mode: list multicast group membership``


2024-01-21
==========

* :vytask:`T5799` ``(bug): vyos unbootable after 1.4-rolling-202308240020 to 1.5-rolling-202312010026 upgrade``
* :vytask:`T5787` ``(bug): dhcp-server allows duplicate static-mapping for the same IP address``
* :vytask:`T5912` ``(bug): DHCP Static mapping don't work on every first lease``
* :vytask:`T5692` ``(enhancment): NTP leap smear``
* :vytask:`T5954` ``(feature): Enable nvme_hwmon and drivetemp in KERNEL``


2024-01-20
==========

* :vytask:`T5964` ``(bug): disconnect interface wwan0 throws exception``
* :vytask:`T5948` ``(bug): pdns-recursor crashes on restart if hostfile-update is enabled and dhcp client sends hostname with trailing dot``
* :vytask:`T5945` ``(bug): Missing minisign public key for rolling release``
* :vytask:`T5922` ``(bug): Firewall - bug in zone config``
* :vytask:`T5915` ``(bug): Firewall zone - Re add op-mode commands``
* :vytask:`T5724` ``(feature): About dhcp client hooks``
* :vytask:`T5721` ``(bug): Error in migrating configuration from VyOS 1.4``
* :vytask:`T5550` ``(bug): Source validation on interface does not work properly``
* :vytask:`T5239` ``(bug): frr 'hostname' missing or incorrect, and domain-name missing totally``
* :vytask:`T4726` ``(default): Add completion and validation for the accel-ppp RADIUS vendor option``
* :vytask:`T4085` ``(feature): Rewrite L2TP/PPTP/SSTP/PPPoE services to get_config_dict``
* :vytask:`T5963` ``(bug): QoS policy shaper rate calculations could be wrong for some ethernet devices``
* :vytask:`T5876` ``(bug): Dhcp bug in latest 1.5 rolling releases``
* :vytask:`T5962` ``(feature): QoS policy set default speed to 100mbit or 1gbit instead of 10mbit``


2024-01-19
==========

* :vytask:`T5897` ``(bug): VyOS with Cloud-init and VRF stucks at reboot/shutdown process``
* :vytask:`T5554` ``(bug): Disable sudo for PAM RADIUS``
* :vytask:`T4754` ``(default): Improvement: system login: show configured 2FA OTP key``
* :vytask:`T5857` ``(bug): show interfaces wireless info``
* :vytask:`T5841` ``(default): Remove old ssh-session-cleanup.service``
* :vytask:`T5884` ``(default): Minor description fix (op-mode: generate wireguard)``
* :vytask:`T5781` ``(default): Add ability to add additional minisign keys``


2024-01-18
==========

* :vytask:`T5863` ``(bug): Failure to Load Config on Recent 1.5 Versions``
* :vytask:`T4638` ``(bug): Deleting a parent interface does not delete its underlying VLAN interfaces``
* :vytask:`T5953` ``(default): Rename 'close_action' value from `hold` to `trap` in IPSEC IKE``


2024-01-17
==========

* :vytask:`T5923` ``(bug): Config mode system_console.py is not aware of revised GRUB file structure``
* :vytask:`T4658` ``(feature): Rename DPD action `hold` to `trap```


2024-01-16
==========

* :vytask:`T5859` ``(bug): Invalid format of pool range in accel-ppp services``
* :vytask:`T5842` ``(feature): Rewrite PPTP service to get_config_dict``
* :vytask:`T5801` ``(feature): Rewrite L2TP service to get_config_dict``
* :vytask:`T5688` ``(default): Create the same view of pool configuration for all accel-ppp services``


2024-01-15
==========

* :vytask:`T5944` ``(bug): "reboot in 1" not working``
* :vytask:`T5936` ``(bug): [1.3.5 -> 1.4.0-RC1 Migration] OSPF Passive Interface Configuration Not Working Correctly``
* :vytask:`T5247` ``(bug): the bug of the command "show interfaces system"``
* :vytask:`T5901` ``(bug): Cloud-init and DHCP exit hook errors``
* :vytask:`T2556` ``(bug): "show interfaces vrrp" does not return any interface``


2024-01-12
==========

* :vytask:`T5925` ``(feature): Containers change systemd KillMode``
* :vytask:`T5919` ``(bug): Firewall - opmode for ipv6``
* :vytask:`T5306` ``(default): bgp config migration failed with v6only option configured with peer-group``
* :vytask:`T3429` ``(bug): Hyper-V integration services not working on VyOS 1.4 (sagitta/current)``


2024-01-11
==========

* :vytask:`T5713` ``(bug): strip-private doesn't strip string after "secret"``
* :vytask:`T5532` ``(bug): After add system image the boot stuck and works again after the second reboot``
* :vytask:`T5814` ``(bug): VyOS 1.3 to 1.4 LTS Firewall ruleset migration script breaks configuration``
* :vytask:`T3191` ``(bug): PAM RADIUS freezing when accounting does not configured on RADIUS server``
* :vytask:`T5917` ``(feature): Restore annotations of (running)/(default boot) in select image list``
* :vytask:`T5916` ``(default): Added segment routing check for index size and SRGB size``
* :vytask:`T5913` ``(feature): Allow for Peer-Groups in ipv4-labeled-unicast SAFI``


2024-01-10
==========

* :vytask:`T5918` ``(bug): Verification problem for `set vpn ipsec interface```
* :vytask:`T5911` ``(bug): pki: service update ignored if certificate name contains a hyphen (-)``
* :vytask:`T5886` ``(feature): Add support for ACME protocol (LetsEncrypt)``
* :vytask:`T5766` ``(bug): http: rewrite conf-mode script to get_config_dict()``
* :vytask:`T4256` ``(feature): Display static DHCP server leases in the operational command output``
* :vytask:`T5902` ``(bug): http: remove virtual-host configuration in webserver``
* :vytask:`T3316` ``(feature): Use Kea DHCP(v6) instead of ISC DHCP(v6)``
* :vytask:`T5791` ``(default): Update dynamic dns configuration path to be consistent with other areas of VyOS``
* :vytask:`T5708` ``(default): Additional dynamic dns improvements to align with ddclient 3.11.1 release``
* :vytask:`T5573` ``(bug): Fix ddclient cache entries``
* :vytask:`T5614` ``(default): Add conntrack helper matching on firewall``


2024-01-09
==========

* :vytask:`T5898` ``(bug): Replace partprobe with partx due to unable to install VyOS``
* :vytask:`T5840` ``(feature): Upgrade Kea to 2.4.x``
* :vytask:`T5838` ``(feature): Add Infiniband kernel modules``
* :vytask:`T5785` ``(bug): API output of show container image broken``
* :vytask:`T5249` ``(feature): Add rollback-soft feature to rollback without a reboot``
* :vytask:`T2511` ``(feature): Migrate vyatta-op-quagga to new XML format``
* :vytask:`T5905` ``(bug): pki: IPsec and VTI interface priority inversion when using x509 site-to-site peer``


2024-01-08
==========

* :vytask:`T5888` ``(bug): Firewall upgrade fails because of icmpv6``
* :vytask:`T5844` ``(bug): HTTPS API doesn't start without configured keys even when GraphQL authentication type is set to token``
* :vytask:`T5904` ``(feature): op-mode: add "show ipv6 route vrf <name> <prefix>" command``


2024-01-07
==========

* :vytask:`T5899` ``(feature): VyOS vm images use bookworm repo``
* :vytask:`T5887` ``(feature): Upgrade Linux Kernel to 6.6.y (2023 LTS edition)``


2024-01-06
==========

* :vytask:`T3214` ``(bug): OpenVPN IPv6 fixes``


2024-01-05
==========

* :vytask:`T5894` ``(feature): Extend get_config_dict() with additional parameter with_pki that defaults to False``


2024-01-03
==========

* :vytask:`T5880` ``(bug): verify_source_interface should not allow dynamic interfaces like ppp, l2tp, ipoe or sstpc client interfaces``
* :vytask:`T5879` ``(bug): tunnel: sourceing from dynamic pppoe0 interface will fail on reboots``


2024-01-02
==========

* :vytask:`T5885` ``(default): image-tools: relax restriction on image-name length from 32 to 64``


2024-01-01
==========

* :vytask:`T5883` ``(bug): Preserve file ownership in /config subdirs on add system image``
* :vytask:`T5474` ``(feature): Establish common file name pattern for XML conf mode commands``


2023-12-30
==========

* :vytask:`T5875` ``(bug): login: removing and re-adding a user keeps the home directory but UID will change, thus SSH keys no longer work``
* :vytask:`T5653` ``(feature): Command to display fingerprint``


2023-12-29
==========

* :vytask:`T5829` ``(bug): Can't Add IPv6 Address to Containers``
* :vytask:`T5852` ``(bug): Reboots fail with eapol WAN interface``
* :vytask:`T5869` ``(bug): vyos.template.first_host_address() does not honor RFC4291 section 2.6.1``


2023-12-28
==========

* :vytask:`T5827` ``(bug): image-tools: 'show system image' Command Not in Order``
* :vytask:`T4163` ``(feature): [BMP-BGP]  Routing monitoring  feature``
* :vytask:`T5867` ``(feature): Upgrade podman to Debian Trixie version 4.7.x``
* :vytask:`T5866` ``(feature): Add op-mode command to restart IPv6 RA daemon``
* :vytask:`T5861` ``(bug): Flavor build system fails with third-party packages``
* :vytask:`T5854` ``(feature): Extend override-default script to allow embedded defaultValue settings``
* :vytask:`T5792` ``(default): Upgrade ddclient 3.11.2 release``


2023-12-25
==========

* :vytask:`T5855` ``(feature): Migrate "set service lldp snmp enable" -> `set service lldp snmp"``
* :vytask:`T5837` ``(bug): vyos.configdict.node_changed does not return keys per adding``
* :vytask:`T5856` ``(bug): SNMP service removal fails``


2023-12-23
==========

* :vytask:`T5678` ``(feature): Improvements in PPPoE configuration``


2023-12-22
==========

* :vytask:`T5804` ``(bug): SNAT "any" interface error``


2023-12-21
==========

* :vytask:`T5807` ``(bug): NAT66  op-mode bugs``
* :vytask:`T5778` ``(bug): The show dhcp server leases operation mode command does not work as expected``
* :vytask:`T5775` ``(default): Migrated Firewall Global State Policy ineffective on latest firewall zone config``
* :vytask:`T5676` ``(bug): NAT66 source rule with negation source/destination prefix causes TypeError``
* :vytask:`T5637` ``(bug): Firewall default-action log``
* :vytask:`T5796` ``(bug): Openconnect - HTTPS  security headers are missing``


2023-12-20
==========

* :vytask:`T5823` ``(feature): Protocol BGP add default values for config dictionary``
* :vytask:`T5798` ``(enhancment): reverse-proxy load-balancing service should support multiple certificates for frontend``


2023-12-19
==========

* :vytask:`T5828` ``(default): Fix GRUB installation on arm64``


2023-12-18
==========

* :vytask:`T5751` ``(feature): Adjust new image tools for non-interactive use``
* :vytask:`T5831` ``(feature): show system image should reverse order by addition date``
* :vytask:`T5825` ``(bug): image-tools: restore authentication on 'add system image'``
* :vytask:`T5821` ``(bug): image-tools: restore vrf-aware 'add system image'``
* :vytask:`T5819` ``(bug): Don't echo password on install image``
* :vytask:`T5806` ``(bug): Clear old raid data on new install image``
* :vytask:`T5789` ``(bug): image-tools should copy ssh host keys on image update``
* :vytask:`T5758` ``(default): Restore scanning configs when live installing``


2023-12-15
==========

* :vytask:`T5824` ``(bug): busybox cannot connect some websites from initramfs``
* :vytask:`T5770` ``(bug): MACsec not encrypting``
* :vytask:`T5803` ``(default): git/github: Adjust configuration for safe and baseline defaults``


2023-12-14
==========

* :vytask:`T5773` ``(bug): Unable to load config via HTTP``
* :vytask:`T5816` ``(bug): BGP Large Community List Validation Broken``
* :vytask:`T5812` ``(bug): rollback check max revision number does not work``
* :vytask:`T5749` ``(feature): Show MAC address VRF and MTU by default for "show interfaces"``
* :vytask:`T5774` ``(bug): commit-archive to FTP server broken after update (VyOS 1.5-rolling)``
* :vytask:`T5826` ``(default): Add dmicode as an explicit dependency``
* :vytask:`T5793` ``(default): mdns-repeater: Cleanup avahi-daemon configuration in /etc``


2023-12-13
==========

* :vytask:`T591` ``(feature): Support SRv6``


2023-12-12
==========

* :vytask:`T5815` ``(enhancment): Add load_config module``


2023-12-11
==========

* :vytask:`T5741` ``(bug): WAN Load Balancing failover route tables aren't created``


2023-12-10
==========

* :vytask:`T5658` ``(default): Add VRF support for mtr``


2023-12-09
==========

* :vytask:`T5808` ``(bug): op-mode: ipv6 ospfv3 graceful-restart description contains incorrect info``
* :vytask:`T5802` ``(bug): ping (ip or hostname) interface <tab> produces error``
* :vytask:`T5747` ``(feature): op-mode add MAC VRF and MTU for show interfaces summary``
* :vytask:`T3983` ``(bug): show pki certificate Doesnt show x509 certificates``


2023-12-08
==========

* :vytask:`T5782` ``(enhancment): Use a single config mode script for https and http-api``
* :vytask:`T5768` ``(enhancment): Remove auxiliary http-api.conf for simplification of http-api config mode script``


2023-12-04
==========

* :vytask:`T5769` ``(bug): VTI tunnels lose their v6 Link Local addresses when set down/up``


2023-12-03
==========

* :vytask:`T5753` ``(feature): Add VXLAN vnifilter support``
* :vytask:`T5759` ``(feature): Change VXLAN default MTU to 1500 bytes``


2023-11-27
==========

* :vytask:`T5763` ``(bug): Fix imprecise check for remote file name in vyos-load-config.py``
* :vytask:`T5783` ``(feature): frr: smoketests must notice any daemon crash``


2023-11-26
==========

* :vytask:`T5760` ``(feature): DHCP client custom dhcp-options``
* :vytask:`T2405` ``(feature): archive to GIT or other platform``


2023-11-25
==========

* :vytask:`T5655` ``(bug): commit-archive: Ctrl+C should not eror out with stack trace, signal should be cought``


2023-11-24
==========

* :vytask:`T5776` ``(feature): Enable VFIO support``
* :vytask:`T5402` ``(bug): VRRP router with rfc3768-compatibility sends multiple ARP replies``


2023-11-23
==========

* :vytask:`T5659` ``(bug): VPP cannot add interface to dataplane if it already has an address configured``


2023-11-22
==========

* :vytask:`T5767` ``(feature): Add reboot and poweroff the system via API``
* :vytask:`T5729` ``(bug): Firewall, nat and policy route - Switch to valueless``
* :vytask:`T5681` ``(feature): Interface match - Simplified and unified cli``
* :vytask:`T5643` ``(feature): NAT - Allow interface groups on nat rules``
* :vytask:`T5616` ``(feature): Firewall mark - Add capabilities for matching firewall mark``
* :vytask:`T5590` ``(default): Firewall "log enable" logs every packet``


2023-11-21
==========

* :vytask:`T5762` ``(bug): http: api: smoketests fail as they can not establish IPv6 connection to uvicorn backend server``


2023-11-18
==========

* :vytask:`T1354` ``(feature): Add support for VLAN-Aware bridges``


2023-11-16
==========

* :vytask:`T5726` ``(bug): HTTPS API image cannot be updated``
* :vytask:`T5738` ``(feature): Extend XML building blocks``
* :vytask:`T5736` ``(feature): igmp: migrate "protocols igmp" to "protocols pim"``
* :vytask:`T5733` ``(feature): pim(6): rewrite FRR PIM daemon configuration to get_config_dict() and add missing IGMP features``
* :vytask:`T5689` ``(default): FRR 9.0.1 in VyOS current segfaults on show rpki prefix $prefix``
* :vytask:`T5595` ``(feature): Multicast - PIM  bfd feature enable``


2023-11-15
==========

* :vytask:`T5695` ``(feature): Build FRR with LUA scripts --enable-scripting option``
* :vytask:`T5677` ``(bug): show lldp neighbors generates TypeError when neighbor has no `descr```
* :vytask:`T5728` ``(bug): Improve compatibility between OpenVPN on VyOS 1.5 and OpenVPN Connect Client``
* :vytask:`T5732` ``(bug): generate firewall rule-resequence drops geoip country-code from output``
* :vytask:`T5661` ``(enhancment): Add show show ssh dynamic-protection attacker and show log ssh dynamic-protection``


2023-11-13
==========

* :vytask:`T5698` ``(feature): EVPN ESI Multihoming``
* :vytask:`T5563` ``(bug): container: Container environment variable cannot be set``
* :vytask:`T5706` ``(bug): Systemd-udevd high CPU utilization for multiple dynamic ppp/l2tp/ipoe interfaces``


2023-11-10
==========

* :vytask:`T5727` ``(bug): validator: Use native URL validator instead of regex-based validator``


2023-11-08
==========

* :vytask:`T5720` ``(bug): PPPoE-server adding new interface does not work``
* :vytask:`T5716` ``(bug): PPPoE-server shaper template bug down-limiter option does not rely on fwmark``
* :vytask:`T5702` ``(feature): Add ability to set include_ifmib_iface_prefix and ifmib_max_num_ifaces  for SNMP``
* :vytask:`T5693` ``(feature): Adding variable vyos_persistence_dir (and improve variable vyos_rootfs_dir)``
* :vytask:`T5648` ``(bug): ldpd neighbour template errors``
* :vytask:`T5564` ``(bug): Both show firewall group and show firewall summary fails``
* :vytask:`T5559` ``(feature): Selective proxy-arp/proxy-ndp when doing SNAT/DNAT``
* :vytask:`T5541` ``(bug): Zone-Based Firewalling in VyOS Sagitta 1.4``


2023-11-07
==========

* :vytask:`T5586` ``(feature): Disable by default SNMP for Keepalived VRRP``


2023-11-06
==========

* :vytask:`T5705` ``(bug): rsyslog - Not working when using facility=all``
* :vytask:`T5704` ``(feature): PPPoE-server add max-starting option``
* :vytask:`T5707` ``(bug): Wireguard peer public key update leaves redundant peers and breaks connectivity``


2023-11-03
==========

* :vytask:`T5700` ``(bug): Monitoring telegraf deprecated plugins inputs outputs``


2023-11-02
==========

* :vytask:`T5701` ``(feature): Update telegraf package``


2023-11-01
==========

* :vytask:`T5690` ``(bug): Change to definition of environment variable 'vyos_rootfs_dir' is incorrect``


2023-10-31
==========

* :vytask:`T5699` ``(feature): vxlan: migrate "external" CLI know to "parameters external"``
* :vytask:`T5668` ``(feature): Disable VXLAN bridge learning and enable neigh_suppress when using EVPN``


2023-10-27
==========

* :vytask:`T5663` ``(bug): pmacct package contains unwanted data``
* :vytask:`T5652` ``(bug): Config migrate to image upgrade does not properly generate home directory``


2023-10-26
==========

* :vytask:`T5683` ``(bug): reverse-proxy pki filenames mismatch``
* :vytask:`T5600` ``(bug): Firewall - Remove or extend constraint on 'interface-name'``
* :vytask:`T5598` ``(bug): unknown parameter 'nf_conntrack_helper' ignored``
* :vytask:`T5571` ``(bug): Firewall does not delete networks from the table raw``
* :vytask:`T4903` ``(bug): conntrack ignore does not suppotr IPv6 addresses``
* :vytask:`T4309` ``(feature): Support network/address-groups and  ipv6-network/ipv6-address-groups in conntrack ignore``
* :vytask:`T5594` ``(bug): VRRP - Error if using IPv6 Link Local as hello source address``
* :vytask:`T5606` ``(feature): IPSec VPN: Allow multiple CAs certificates``
* :vytask:`T5568` ``(default): Install image from live ISO always defaults boot to KVM entry``
* :vytask:`T5558` ``(default): Update config test to check resulting migrations``


2023-10-23
==========

* :vytask:`T5299` ``(bug): QoS shaper ceiling does not work``
* :vytask:`T5667` ``(feature): BGP label-unicast - enable ecmp``


2023-10-22
==========

* :vytask:`T5254` ``(bug): Modification of any interface setting sets MTU back to default when MTU has been inherited from a bond``
* :vytask:`T5671` ``(feature): vxlan: change port to IANA assigned default port``


2023-10-21
==========

* :vytask:`T5670` ``(bug): bridge: missing member interface validator``
* :vytask:`T5617` ``(feature): Add an option to exclude single values to the numeric validator``


2023-10-20
==========

* :vytask:`T5233` ``(bug): Op-mode flow-accounting netflow with disable-imt errors``
* :vytask:`T5232` ``(bug): Flow-accounting uacctd.service cannot restart correctly``


2023-10-19
==========

* :vytask:`T4913` ``(default): Rewrite the wireless op mode in the new style``


2023-10-18
==========

* :vytask:`T5642` ``(bug): op cmd: generate tech-support archive: does not work``
* :vytask:`T5521` ``(bug): Home owner directory changed to vyos for the user after reboot``


2023-10-17
==========

* :vytask:`T5662` ``(bug): Fix indexing error in configdep script organization``
* :vytask:`T5644` ``(bug): Firewall groups deletion can break config``


2023-10-16
==========

* :vytask:`T5165` ``(feature): Policy local-route ability set protocol and port``


2023-10-14
==========

* :vytask:`T5629` ``(bug): Policy local-route bug after migration to destination node address``


2023-10-12
==========

* :vytask:`T5649` ``(bug): vyos-1x should generate XML cache after building command templates for less cryptic error on typo``


2023-10-10
==========

* :vytask:`T5589` ``(bug): Nonstripped binaries exists in VyOS``
* :vytask:`T5489` ``(feature): Change to BBR as TCP congestion control, or at least make it an config option``


2023-10-08
==========

* :vytask:`T5630` ``(feature): pppoe: allow to specify MRU in addition to already configurable MTU``


2023-10-06
==========

* :vytask:`T5576` ``(feature): Add bgp remove-private-as all option``


2023-10-05
==========

* :vytask:`T4320` ``(default): Remove legacy version files in vyatta-cfg-system/cfg-version``


2023-10-04
==========

* :vytask:`T5632` ``(feature): Add jq package to parse JSON files``
* :vytask:`T3655` ``(bug): NAT  Problem with VRF``
* :vytask:`T5585` ``(bug): Fix file access mode for dynamic dns configuration``


2023-10-03
==========

* :vytask:`T5618` ``(bug): Flow-accounting crushes when IMT is enabled``
* :vytask:`T5579` ``(bug): Log firewall - Wrong command after firewall refactor``
* :vytask:`T5561` ``(feature): NAT - Inbound or outbound interface should not be mandatory``
* :vytask:`T5626` ``(feature): Only select required Kernel CGROUP controllers``
* :vytask:`T5628` ``(feature): op-mode: login: DeprecationWarning: 'spwd'``


2023-09-28
==========

* :vytask:`T5596` ``(feature): bgp: add new features from FRR 9``
* :vytask:`T5412` ``(feature): Add support for extending config-mode dependencies in supplemental package``


2023-09-24
==========

* :vytask:`T5604` ``(bug): List of debian archives is out of date (non-free-firmware is missing)``
* :vytask:`T5591` ``(feature): Cleanup of FRR daemons-file and various FRR fixes``


2023-09-22
==========

* :vytask:`T5602` ``(feature): For reverse-proxy type of load-balancing feature, support "backup" option in backends configuration``
* :vytask:`T5609` ``(enhancment): Add util to get drive device name from id``
* :vytask:`T5608` ``(enhancment): Rewrite add/delete raid member to Python and remove from vyatta-op``
* :vytask:`T5607` ``(bug): Adjust RAID smoketest for non-deterministic SCSI device probing``


2023-09-20
==========

* :vytask:`T5588` ``(bug): Add kernel conntrack_bridge module``
* :vytask:`T5241` ``(feature): Support veth interfaces to working with netns``
* :vytask:`T5592` ``(feature): salt: upgrade minion to 3005.2``


2023-09-19
==========

* :vytask:`T5597` ``(feature): isis: add new features from FRR 9.``


2023-09-18
==========

* :vytask:`T5575` ``(bug): ARP/NDP table-size isnt set properly``


2023-09-15
==========

* :vytask:`T5587` ``(bug): Firwall can not pass the smoketest``
* :vytask:`T5581` ``(feature): Add "show ip nht" op-mode command (IPv4 nexthop tracking table)``


2023-09-11
==========

* :vytask:`T5562` ``(bug): Smoketests fail for vyos:current (test_netns.py)``
* :vytask:`T5551` ``(bug): Missing check for boot_configuration_complete raises error in vyos-save-config.py``
* :vytask:`T5353` ``(bug): config-mgmt: normalize archive updates and commit log entries``


2023-09-10
==========

* :vytask:`T5555` ``(bug): Fix timezone migrator (system 13-to-14)``


2023-09-09
==========

* :vytask:`T5423` ``(bug): ipsec: no output for op-cmd "show vpn ike secrets"``


2023-09-08
==========

* :vytask:`T5560` ``(bug): VyOS version in current branch should be changed from 1.4 to 1.5``


2023-09-07
==========

* :vytask:`T5556` ``(bug): reboot now and  poweroff does not work``


2023-09-06
==========

* :vytask:`T5548` ``(bug): HAProxy renders timeouts incorrectly``