vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
vyos-documentation/docs/changelog/1.3.rst
rebortg 73bacacd6f add release notes of eqquleus and sagitta
2024-08-05 22:14:16 +02:00

942 lines
54 KiB
ReStructuredText
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

############
1.3 Eqquleus
############
..
Please don't add anything by hand.
This file is managed by the script:
_ext/releasenotes.py
1.3.9 (future release)
======================
**Bug fixes**
* :vytask:`T5926` ``IPSEC does not apply after l2tp configuration was changed``
**Other resolved issues**
* :vytask:`T1311` ``WAN load-balancing can't flush connections when conntrack-sync is enabled``
1.3.8 (25th June 2024)
======================
**Bug fixes**
* :vytask:`T5725` ``protocol IS-IS configuration is empty if a tunnel does not have remote address``
* :vytask:`T6337` ``Upgrade from 1.3.5 fails if ssh public key name has a space in it``
* :vytask:`T6359` ``Multicast does not forward after reboot``
1.3.7 (13th May 2024)
=====================
**Security**
* :vytask:`T6324` ``CVE-2024-2961``
**New features and improvements**
* :vytask:`T1244` ``Add support for StartupResync in conntrack-sync``
* :vytask:`T5364` ``Make it possible to set the PADO delay to 0``
* :vytask:`T5418` ``Allow arbitrary subnets in PPPoE client IP pools``
* :vytask:`T5504` ``Make it possible to set more than one peer-address in unicast VRRP``
* :vytask:`T6057` ``Add ability to disable syslog for conntrackd``
**Bug fixes**
* :vytask:`T1751` ``DNS server addresses from DHCPv6 are not added to resolv.conf``
* :vytask:`T1976` ``deleting address-family under neighbor will disable neighbor``
* :vytask:`T2044` ``RPKI doesn't boot properly``
* :vytask:`T2113` ``OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping``
* :vytask:`T2279` ``Router resolves as 127.0.1.1 when using Router's Recursive DNS``
* :vytask:`T2590` ``DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c``
* :vytask:`T2612` ``HTTPS API, changing API key fails but goes through``
* :vytask:`T2801` ``conntrack-tools flooding logs``
* :vytask:`T2998` ``SNMP v3 oid "exclude" option doesn't work``
* :vytask:`T3437` ``BGP Confederation Addition Causes Error``
* :vytask:`T3992` ``Unhandled exception when trying to add an interface with an assigned address to a bridge``
* :vytask:`T4270` ``When "ignore-hosts-file" is unset, local hostname of the router resolves to 127.0.1.1 in the DNS forwarding service``
* :vytask:`T4453` ``dhclient fails to renew DHCP lease with VRF``
* :vytask:`T5239` ``Host name and domain name missing from the FRR configuration``
* :vytask:`T5982` ``Isolated interfaces smoketest fail``
* :vytask:`T6004` ``Missing RPKI boot priority prevents it from loading``
* :vytask:`T6056` ``Applying 'system static-host-mapping' command calls unnecessary snmpd restart``
* :vytask:`T6088` ``Configuration corrupted after saving and powercut or force reboot``
* :vytask:`T6096` ``Config commits are not synced properly because 00vyos-sync is deleted by vyos-router``
* :vytask:`T6110` ``Insufficient validation of range option with failover in DHCP server``
* :vytask:`T6124` ``Docker equuleus build image doesn't build due to fpm``
* :vytask:`T6141` ``Trying to set PADO delay in PPPoE server without also configuring the session options causes a commit failure``
* :vytask:`T6150` ``Impossible to set a static IP address via RADIUS in IPoE``
* :vytask:`T6193` ``dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces``
* :vytask:`T6196` ``route-map and summary-only do not work in BGP aggregation at the same time``
* :vytask:`T6243` ``Update vyos-http-api-tools for package idna security advisory``
**Other resolved issues**
* :vytask:`T1198` ``Extra hyphen in suggested image name on upgrade``
* :vytask:`T3584` ``Migrate NTP server addresses from *.pool.ntp.org to our own``
* :vytask:`T6261` ``Typo in the operational mode connect and disconnect command output``
1.3.6 (14th February 2024)
==========================
**Security**
* :vytask:`T5318` ``Security Vulnerabilities for VyOS 1.3.3``
**Configuration syntax changes (automatically migrated)**
* :vytask:`T2060` ``source-validation will be configured at different locations and could lead to massive confusion``
* :vytask:`T2289` ``Denest cerbot certificate configuration from service https``
**New features and improvements**
* :vytask:`T1929` ``ipset in firewall``
* :vytask:`T2060` ``source-validation will be configured at different locations and could lead to massive confusion``
* :vytask:`T2116` ``Processing configuration via Cloud-init User-Data``
* :vytask:`T2191` ``Using tallow to block sshd probes``
* :vytask:`T2289` ``Denest cerbot certificate configuration from service https``
* :vytask:`T3039` ``Resize a root partition and filesystem automatically during deployment in virtual environments``
* :vytask:`T4039` ``Rsyslog to use 'protocol23format' for protocol UDP``
* :vytask:`T4078` ``A hybrid of "network-group" and "address-group".``
* :vytask:`T5182` ``Update Intel ice driver``
* :vytask:`T5187` ``Update Realtek r8152 driver``
* :vytask:`T5275` ``Add op mode commands for exporting certificates to PEM files with correct headers``
* :vytask:`T5796` ``Openconnect - HTTPS security headers are missing``
**Bug fixes**
* :vytask:`T117` ``Cannot install from ISO via serial console on ttyS1``
* :vytask:`T1925` ``DMVPN is always listed as down in "show vpn ipsec sa"``
* :vytask:`T2085` ``Building some packages with vyos-build no longer works for Equuleus/current``
* :vytask:`T2163` ``Disabled vif interface with "address dhcp" requests DHCP address``
* :vytask:`T2404` ``Cannot change MTU``
* :vytask:`T2509` ``No inotify notifications from /``
* :vytask:`T2574` ``wan-load-balance snat bug and route problem``
* :vytask:`T2793` ``compare + TAB completion does not show proper username if user contains _``
* :vytask:`T2837` ``make-version-file executed too early during build process``
* :vytask:`T3154` ``route-map CLI allows 32-bit ASNs in community options even though FRR doesn't``
* :vytask:`T3980` ``vrrp transition-script validator makes warning fatal and also causes a python NameError exception``
* :vytask:`T4062` ``VRRP IPSEC-AH : sequence number xxxxxxx already processed. Packet dropped. Local(xxxxxxx)``
* :vytask:`T4566` ``Cannot log in on serial console on Equuleus v1.3.1``
* :vytask:`T4752` ``ICMP redirects not working / not properly configured``
* :vytask:`T4760` ``VyOS does not support running multiple instances of DHCPv6 clients``
* :vytask:`T4990` ``Commit results may not be properly saved if power is cut immediately after a successful commit``
* :vytask:`T5180` ``initramfs-tools ignores firmware from updates directory``
* :vytask:`T5543` ``Fix source address handling in static joins``
* :vytask:`T5625` ``"restart vpn" does not work if ipsec-interfaces is not set``
* :vytask:`T5739` ``Password recovery does not work if public keys are configured``
* :vytask:`T5800` ``HTTPS API unavailable after delete VRF``
* :vytask:`T5852` ``Reboots fail with eapol WAN interface``
* :vytask:`T5914` ``CVE-2023-48795 - Terrapin vulnerability``
* :vytask:`T5924` ``Build cannot pass the smoketest dialup-router-medium-vpn``
* :vytask:`T5967` ``Multi-hop BFD connections can't be established; please add minimum-ttl option.``
* :vytask:`T6017` ``Update vyos-http-api-tools for security advisory``
**Other resolved issues**
* :vytask:`T922` ``OSPF - Process Crash after peer reboot``
* :vytask:`T1297` ``Add GARP settings to VRRP/keepalived``
* :vytask:`T1369` ``GCP Networking Failure``
* :vytask:`T1500` ``Slow boot/load and CLI response times``
* :vytask:`T1667` ``Add a tool for automatically importing old style command definitions into XML``
* :vytask:`T1671` ``rewrite udev script logic /lib/udev/vyatta_net_name``
* :vytask:`T1981` ``Allow route-map 'set src' to reference both IPv4 and IPv6``
* :vytask:`T2223` ``convert operational show interfaces to python/XML``
* :vytask:`T2353` ``Interface [conf_mode] errors parent task``
* :vytask:`T2431` ``Python validators are slow``
* :vytask:`T2452` ``Serial console related issues``
* :vytask:`T2546` ``The root task for rewriting [op-mode] to XML``
* :vytask:`T2579` ``The root task for VRF features``
* :vytask:`T2655` ``ConfigError formatting issue``
* :vytask:`T2720` ``Rework vyos.template Python module to make future extension easier``
* :vytask:`T2755` ``Requirements for partial interface setup``
* :vytask:`T2799` ``VyOS Certificates Manager``
* :vytask:`T3191` ``PAM RADIUS freezing when accounting does not configured on RADIUS server``
* :vytask:`T3348` ``dhcpd: Can't create new lease file: Permission denied``
* :vytask:`T3403` ``Error on interrupting list of pppoe sessions``
* :vytask:`T3513` ``Attempting to remove firewall rule results in error``
* :vytask:`T3688` ``Fail to save configuration via scp/sftp``
* :vytask:`T3737` ``openvpn-option needs to be able to support quotes as since openvpn 2.4.``
* :vytask:`T3813` ``Some custom sysctl parameters can't be applied bug``
* :vytask:`T4222` ``Support for TWAMP as round-trip metric``
* :vytask:`T4646` ``USB serial output console does not work``
* :vytask:`T5274` ``Add a deprecation warning for OpenVPN site-to-site with pre-shared secret``
* :vytask:`T5714` ``IPSec VPN: op-mode: "show log vpn" does not show results``
* :vytask:`T5715` ``IPSec VPN: restart vpn is not working``
* :vytask:`T6014` ``Bump keepalived version``
* :vytask:`T6249` ``ISO builder fails because of changed buster-backport repository``
1.3.5 (15th December 2023)
==========================
**Configuration syntax changes (automatically migrated)**
* :vytask:`T2139` ``openvpn: allow "dh-file none" to disable DH for ECDH keys``
**New features and improvements**
* :vytask:`T1118` ``Obsolete "utc" option in time selector in firewall``
* :vytask:`T2014` ``Use vendor specific NTP Pool hostname``
* :vytask:`T2139` ``openvpn: allow "dh-file none" to disable DH for ECDH keys``
* :vytask:`T4269` ``node.def generator should automatically add default values``
* :vytask:`T5213` ``Accel-ppp sending accounting interim updates acct-interim-interval option``
* :vytask:`T5270` ``Make OpenVPN `tls dh-params` optional``
* :vytask:`T5271` ``Add support for peer-fingerprint to OpenVPN``
* :vytask:`T5273` ``Add op mode commands for displaying certificate details and fingerprints``
* :vytask:`T5387` ``dhcp6c: add a no release option``
* :vytask:`T5576` ``Add bgp remove-private-as all option``
* :vytask:`T5586` ``Disable by default SNMP for Keepalived VRRP``
* :vytask:`T5630` ``pppoe: allow to specify MRU in addition to already configurable MTU``
* :vytask:`T5661` ``Add show show ssh dynamic-protection attacker and show log ssh dynamic-protection``
**Bug fixes**
* :vytask:`T305` ``loadbalancing does not work with one pppoe connection and another connection of either dhcp or static``
* :vytask:`T971` ``authentication public-keys options quoting issue``
* :vytask:`T1012` ``vyos-build configure script should check /etc/issue to avoid confusion``
* :vytask:`T2051` ``Throughput anomalies``
* :vytask:`T2250` ``vyos-build "make iso" error if configure was ran outside of the docker container``
* :vytask:`T3020` ``The "scp" example is wrong in the bash-completion for "set system config-management commit-archive location"``
* :vytask:`T3045` ``Changes to Conntrack-Sync don't apply correctly (Mutlicast->UDP)``
* :vytask:`T3940` ``DHCP client does not remove IP address when stopped by the 02-vyos-stopdhclient hook``
* :vytask:`T4146` ``Nginx should not listen on port 80``
* :vytask:`T4328` ``Large MTU on 1.3.1-S1``
* :vytask:`T4402` ``OpenVPN client-ip-pool option is broken``
* :vytask:`T4601` ``dhcp : relay agent IP address issue.``
* :vytask:`T4776` ``NVME storage is not detected properly during installation``
* :vytask:`T5223` ``tunnel key doesn't clear``
* :vytask:`T5235` ``SSH keys with special characters cannot be applied via Cloud-init``
* :vytask:`T5402` ``VRRP router with rfc3768-compatibility sends multiple ARP replies``
* :vytask:`T5413` ``Deny the opportunity to use one public/private key pair on both wireguard peers.``
* :vytask:`T5486` ``Service dns dynamic cannot pass the smoketest``
* :vytask:`T5669` ``VXLAN interface changing port does not work``
* :vytask:`T5670` ``bridge: missing member interface validator``
* :vytask:`T5763` ``Fix imprecise check for remote file name in vyos-load-config.py``
* :vytask:`T5777` ``frr: backport and upstream recent bgpd daemon crashes``
**Other resolved issues**
* :vytask:`T1276` ``dhcp relay + VLAN fails``
* :vytask:`T2719` ``Standardized op mode script structure``
* :vytask:`T3536` ``Unable to list all available routes``
* :vytask:`T3702` ``Policy: Allow routing by fwmark``
* :vytask:`T5191` ``Replace underscores with hyphens in command-line options generated by vyos.opmode``
* :vytask:`T5268` ``OpenVPN: upgrade package to 2.6 series``
* :vytask:`T5280` ``Update Expired keys (2023-06-08) for PowerDNS``
* :vytask:`T5578` ``"ikev2-reauth" description contains outdated information``
* :vytask:`T5624` ``Remove /etc/debian_version from the image``
* :vytask:`T5632` ``Add jq package to parse JSON files``
* :vytask:`T5817` ``Show openvpn server fails in some cases``
1.3.4 (17th October 2023)
=========================
**New features and improvements**
* :vytask:`T738` ``Add local-port and resolver port options for powerdns in CLI configuration tree``
* :vytask:`T2123` ``Configure 3 NTP servers``
* :vytask:`T2424` ``Ability to choose the direction of Mirroring``
* :vytask:`T3144` ``Support op-mode command to release DHCP leases``
* :vytask:`T3546` ``Add support for running scripts on PPPoE server session events``
* :vytask:`T4151` ``IPV6 local PBR Support``
* :vytask:`T4426` ``Add arpwatch to the image``
* :vytask:`T4475` ``route-map does not support ipv6 peer``
* :vytask:`T4825` ``interfaces veth/veth-pairs -standalone used``
* :vytask:`T5190` ``Cloud-Init cannot fetch Meta-data on machines where the main Ethernet interface is not eth0``
* :vytask:`T5265` ``WAN load-balancing: missing completion helpers``
* :vytask:`T5315` ``vrrp: add support for version 3``
* :vytask:`T5354` ``Add sshguard to protect against brut-forces for 1.3``
**Bug fixes**
* :vytask:`T2611` ``Prefix list names are shared between ipv4 and ipv6``
* :vytask:`T2908` ``VRF and bridge membership isnt mutually exclusive``
* :vytask:`T2958` ``DHCP server doesn't work from a live CD``
* :vytask:`T3070` ``Firewall going OOM, possible related to nftables migration``
* :vytask:`T3098` ``Cannot talk to rtnetlink: Message too long Command failed -:1``
* :vytask:`T3339` ``Cloud-Init domain search setting not applied``
* :vytask:`T4113` ``Incorrect GRUB configuration parsing``
* :vytask:`T4121` ``Nameservers from DHCP client cannot be used in specific cases``
* :vytask:`T4407` ``Network-config v2 is broken in Cloud-init 22.1 and VyOS 1.3``
* :vytask:`T4412` ``commit archive: reboot not working with sftp``
* :vytask:`T4459` ``API service with VRF doesn't work in 1.3.1``
* :vytask:`T4745` ``CLI TAB issue with values with '-' at the beginning in conf mode``
* :vytask:`T4790` ``RADIUS login does not work if sum of timeouts more than 50s``
* :vytask:`T4855` ``Trying to create more than one tunnel of the same type to the same address causes unhandled exception``
* :vytask:`T4869` ``A network with `/32` or `/128` mask cannot be removed from a network-group``
* :vytask:`T4895` ``Tag nodes are overwritten when configured by Cloud-Init from User-Data``
* :vytask:`T5006` ``Http api segfault with concurrent requests``
* :vytask:`T5140` ``Firewall network-group problems``
* :vytask:`T5221` ``BGP as-override behavior differs from new FRR and other vendors``
* :vytask:`T5240` ``Service router-advert failed to start radvd with more then 3 name-servers``
* :vytask:`T5305` ``REST API configure operation should not be defined as async``
* :vytask:`T5313` ``UDP broadcast relay - missing verify() that relay interfaces have an IP address assigned``
* :vytask:`T5329` ``Wireguard interface as GRE tunnel source causes configuration error on boot``
* :vytask:`T5428` ``dhcp: client renewal fails when running inside VRF``
* :vytask:`T5506` ``Container bridge interfaces do not have a link-local address``
* :vytask:`T5524` ``Add config directory to liveCD``
* :vytask:`T5533` ``Keepalived VRRP IPv6 group enters in FAULT state``
* :vytask:`T5545` ``sflow is not working``
* :vytask:`T5555` ``Fix timezone migrator (system 13-to-14)``
* :vytask:`T5594` ``VRRP - Error if using IPv6 Link Local as hello source address``
**Other resolved issues**
* :vytask:`T469` ``Problem after commit with errors``
* :vytask:`T2296` ``Upgrade WALinux to 2.2.41``
* :vytask:`T3424` ``PPPoE IA-PD doesn't work in VRF``
* :vytask:`T3577` ``Generating vpn x509 key pair fails with command not found``
* :vytask:`T3713` ``Create a meta-package for user utilities``
* :vytask:`T4306` ``Do not check for ditry repository when building release images``
* :vytask:`T4874` ``Add Warning message to Equuleus``
* :vytask:`T4933` ``Malformed lines cause vyos.util.colon_separated_to_dict fail with a nondescript error``
* :vytask:`T5272` ``Upgrade OpenVPN to 2.6 in Equuleus``
* :vytask:`T5470` ``wlan: can not disable interface if SSID is not configured``
* :vytask:`T5557` ``bgp: Use treat-as-withdraw for tunnel encapsulation attribute CVE-2023-38802``
1.3.3 (22th June 2023)
======================
**Security**
* :vytask:`T3835` ``vyos router 1.2.7 snmp Dos bug``
* :vytask:`T4970` ``pin OCaml pcre package to avoid JIT support``
**Configuration syntax changes (automatically migrated)**
* :vytask:`T4628` ``ConfigTree() throws ValueError() if tagNode contains whitespaces``
**New features and improvements**
* :vytask:`T1024` ``Policy Based Routing by DSCP``
* :vytask:`T1928` ``Is the 'Welcome to VyOS' message when using SSH an information leak?``
* :vytask:`T1993` ``Extended pppoe rate-limiter``
* :vytask:`T2603` ``pppoe-server: reduce min MTU``
* :vytask:`T2640` ``Running VyOS inside Docker containers``
* :vytask:`T2769` ``Add VRF support for syslog``
* :vytask:`T3937` ``Rewrite "show system memory" in Python to make it usable as a library function``
* :vytask:`T4219` ``support incoming-interface (iif) in local PBR``
* :vytask:`T4575` ``vyos.utill add new wrapper "rc_cmd" to get the return code and output``
* :vytask:`T4683` ``Add kitty-terminfo package to build``
* :vytask:`T4727` ``Add RADIUS rate limit support to PPTP server``
* :vytask:`T4743` ``Enable IPv6 address for Dynamic DNS``
* :vytask:`T4785` ``snmp: Allow !, @, * and # in community name``
* :vytask:`T4812` ``IPsec ability to show all configured connections``
* :vytask:`T4898` ``Add mtu config option for dummy interfaces``
* :vytask:`T4922` ``Add ssh-client source-interface CLI option``
* :vytask:`T4947` ``Support mounting container volumes as ro or rw``
* :vytask:`T4948` ``pppoe: add CLI option to allow definition of host-uniq flag``
* :vytask:`T4949` ``Backport "monitor log" and "show log" op-mode definitions from current to equuleus``
* :vytask:`T4959` ``Add container registry authentication config for containers``
* :vytask:`T4971` ``Radius attribute "Framed-Pool" for PPPoE``
* :vytask:`T5033` ``generate-public-key command fails for address with multiple public keys like GitHub``
* :vytask:`T5098` ``PPPoE client holdoff configuration``
**Bug fixes**
* :vytask:`T2118` ``Failure to boot after power outage due to dirty filesystem and no fsck in initramfs``
* :vytask:`T2189` ``Adding a large port-range will take ~ 20 minutes to commit``
* :vytask:`T2516` ``vyos-container: cannot configure ethernet interface``
* :vytask:`T2838` ``Ethernet device names changing, multiple hw-id being added``
* :vytask:`T3852` ``DHCP client issue - interface has two dhclient processes when link is unpluged and then plug again``
* :vytask:`T4117` ``Does not possible to configure PoD/CoA for L2TP vpn``
* :vytask:`T4153` ``Monitor bandwidth-test initiate not working``
* :vytask:`T4177` ``Strip-private doesn't work for service monitoring``
* :vytask:`T4312` ``Telegraf configuration doesn't accept IPs for URL``
* :vytask:`T4533` ``Radius clients dont have simple permissions``
* :vytask:`T4582` ``Router-advert: Preferred lifetime cannot equal valid lifetime in PIOs``
* :vytask:`T4628` ``ConfigTree() throws ValueError() if tagNode contains whitespaces``
* :vytask:`T4630` ``Prevent attempts to use the same interface as a source interface for pseudo-ethernet and MACsec at the same time``
* :vytask:`T4642` ``proxy: hyphen not allowed in proxy URL``
* :vytask:`T4648` ``PPPoE: Ignore default router from RA when PPPoE default-route is set to none``
* :vytask:`T4664` ``Add validation to reject whitespace in tag node value names``
* :vytask:`T4668` ``Adding/removing members from bond doesn't work/results in incorrect interface state``
* :vytask:`T4671` ``linux-firmware package is missing symlinks defined in WHENCE file``
* :vytask:`T4679` ``OpenVPN site-to-site incorrect check for IPv6 local and remote address``
* :vytask:`T4680` ``Telegraf prometheus-client listen-address invalid format``
* :vytask:`T4702` ``Wireguard peers configuration is not synchronized with CLI``
* :vytask:`T4709` ``TCP MSS clamping broken in equuleus``
* :vytask:`T4730` ``Conntrack-sync error - listen-address is not the correct type in config as it should be``
* :vytask:`T4737` ``FRRouting/zebra 7.5.1 does not redistribute routes to other protocols``
* :vytask:`T4799` ``PowerDNS >= 4.7 does not get reloaded by vyos-hostsd``
* :vytask:`T4872` ``Op-mode show openvpn misses a case when parsing for tunnel IP``
* :vytask:`T4884` ``Missing a community6 in snmpd config``
* :vytask:`T4896` ``ospfv3: Fix broken not-advertise option``
* :vytask:`T4902` ``snmpd: exclude container storage from monitoring``
* :vytask:`T4918` ``Odd show interface behavior``
* :vytask:`T4939` ``VRRP command no-preempt not work as expected``
* :vytask:`T4955` ``Openconnect radiusclient.conf generating with extra authserver``
* :vytask:`T4975` ``CLI does not work after cutting off the power or reset``
* :vytask:`T4978` ``KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536``
* :vytask:`T4992` ``Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set``
* :vytask:`T4993` ``Can't delete conntrack ignore rule``
* :vytask:`T5009` ``op-mode command: restart dhcp relay-agent not working``
* :vytask:`T5011` ``Some interface drivers don't support min_mtu and max_mtu and verify_mtu check should be skipped``
* :vytask:`T5017` ``Bug with validator interface-name``
* :vytask:`T5047` ``Recreate only a specific container``
* :vytask:`T5066` ``Different GRE tunnel but same tunnel keys error``
* :vytask:`T5136` ``Possible config corruption on upgrade``
* :vytask:`T5152` ``Telegraf agent hostname isn't qualified``
* :vytask:`T5175` ``http-api: error in MultiPart parser for FastAPI version >= 0.91.0``
* :vytask:`T5176` ``http-api: update vyos-http-api-tools for FastAPI security vulnerability``
* :vytask:`T5186` ``QoS test cannot pass for 1.3``
**Other resolved issues**
* :vytask:`T1288` ``FRR: rewrite staticd backend (/opt/vyatta/share/vyatta-cfg/templates/protocols/static/*)``
* :vytask:`T1875` ``Add the ability to use network address as BGP neighbor (bgp listen range)``
* :vytask:`T2913` ``Failure to install fpm while building builder docker image``
* :vytask:`T3083` ``Add feature event-handler``
* :vytask:`T3608` ``Standardize warnings from configure scripts``
* :vytask:`T3810` ``webproxy squidguard rules don't work properly after rewriting to python.``
* :vytask:`T4122` ``interface ip address config missing after upgrade from 1.2.8 to 1.3.0 (when redirect is configured?)``
* :vytask:`T4262` ``install image doesn't respect chosen root partition size``
* :vytask:`T4381` ``OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command``
* :vytask:`T4511` ``IPv6 DNS lookup``
* :vytask:`T4625` ``Update ocserv to current revision (1.1.6)``
* :vytask:`T4652` ``Upgrade PowerDNS recursor to 4.7 series``
* :vytask:`T4798` ``Migrate the file-exists validator away from Python``
* :vytask:`T4832` ``dhcp: Add IPv6-only dhcp option support (RFC 8925)``
* :vytask:`T4875` ``Replace Python validator 'interface-name' to avoid Python startup cost``
* :vytask:`T4900` ``Cache intermediary results of get_config_diff in Config instance``
* :vytask:`T4906` ``ipsec connections shows only one connection as up``
* :vytask:`T4925` ``Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2``
* :vytask:`T4999` ``vyos.util backport dict_search_recursive``
* :vytask:`T5007` ``Interface multicast setting is invalid``
* :vytask:`T5008` ``MACsec CKN of 32 chars is not allowed in CLI, but works fine``
* :vytask:`T5111` ``pppd-dns.service startup failed``
* :vytask:`T5243` ``Default route is inactive if an interface has multiple ip addresses of the same subnet in 1.3.2 Equuleus``
1.3.2 (7th November 2022)
=========================
**New features and improvements**
* :vytask:`T1375` ``Add clear dhcp server lease function``
* :vytask:`T2580` ``Support for ip pools for ippoe``
* :vytask:`T2683` ``no dual stack in system static-host-mapping host-name``
* :vytask:`T2763` ``New SNMP resource request - SNMP over TCP``
* :vytask:`T3318` ``Update Linux Kernel to v5.4.208 / 5.10.142``
* :vytask:`T3785` ``Add unicode support to configtree backend``
* :vytask:`T4260` ``Extend vyos.configdict.node_changed() to support recursiveness``
* :vytask:`T4315` ``Telegraf - Output to prometheus``
* :vytask:`T4336` ``isis: add support for MD5 authentication password on a circuit``
* :vytask:`T4346` ``Deprecate "system ipv6 disable" option to disable address family within OS kernel``
* :vytask:`T4373` ``PPPoE-server add multiplier option for shaper``
* :vytask:`T4395` ``Extend show vpn debug``
* :vytask:`T4421` ``Add support for floating point numbers in the numeric validator``
* :vytask:`T4442` ``HTTP API add action "reset"``
* :vytask:`T4456` ``NTP client in VRF tries to bind to interfaces outside VRF, logs many messages``
* :vytask:`T4489` ``MPLS sysctl not persistent for tunnel interfaces``
* :vytask:`T4507` ``IPoE-server add multiplier option for shaper``
* :vytask:`T4509` ``Feature Request: DNS64``
* :vytask:`T4515` ``Reduce telegraf binary size``
* :vytask:`T4522` ``bond: add ability to specify mii monitor interval via CLI``
* :vytask:`T4584` ``hostap: create custom package build``
* :vytask:`T4614` ``OpenConnect split-dns directive``
* :vytask:`T4647` ``Add Google Virtual NIC (gVNIC) support``
**Bug fixes**
* :vytask:`T2194` ``"show firewall" garbled output``
* :vytask:`T2654` ``Multiple names unable to be assigned to the same static mapping``
* :vytask:`T3507` ``Bond with mode LACP show u/u in show interfaces even if peer is not configured``
* :vytask:`T3714` ``Some sysctl custom parameters disappear after reboot``
* :vytask:`T4206` ``Policy Based Routing with DHCP Interface Issue``
* :vytask:`T4230` ``OpenVPN server configuration deleted after reboot when using a VRRP virtual-address``
* :vytask:`T4294` ``Adding a new openvpn-option does not restart the OpenVPN process``
* :vytask:`T4313` ``"generate public-key-command" throws unhandled exceptions when it cannot retrieve the key``
* :vytask:`T4319` ``The command "set system ipv6 disable" doesn't work as expected.``
* :vytask:`T4324` ``wwan: check alive script should only be run via cron if a wwan interface is configured at all``
* :vytask:`T4330` ``MTU settings cannot be applied when IPv6 is disabled``
* :vytask:`T4331` ``IPv6 link local addresses are not configured when an interface is in a VRF``
* :vytask:`T4337` ``isis: IETF SPF delay algorithm can not be configured - results in vyos.frr.CommitError``
* :vytask:`T4338` ``wwan: changing interface description should not trigger reconnect``
* :vytask:`T4339` ``wwan: tab-completion results in "No such file or directory" if there is no WWAN interface``
* :vytask:`T4341` ``login: disable user-account prior to deletion and wait until deletion is complete``
* :vytask:`T4350` ``DMVPN opennhrp spokes dont work behind NAT``
* :vytask:`T4354` ``Slave interfaces fall out from bonding during configuration change``
* :vytask:`T4361` ```vyos.config.exists()` does not work for nodes with multiple values``
* :vytask:`T4363` ``salt-minion: default mine_interval option is not set``
* :vytask:`T4366` ``geneve: interface is removed on changes to e.g. description``
* :vytask:`T4369` ``OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node``
* :vytask:`T4388` ``dhcp-server: missing constraint on tftp-server-name option``
* :vytask:`T4405` ``DHCP client sometimes ignores `no-default-route` option of an interface``
* :vytask:`T4441` ``wwan: connection not possible after a change added after 1.3.1-S1 release``
* :vytask:`T4447` ``DHCPv6 prefix delegation `sla-id` limited to 128``
* :vytask:`T4468` ``web-proxy source group cannot start with a number bug``
* :vytask:`T4510` ``set system static-host-mapping doesn't allow IPv4 and IPv6 for same name.``
* :vytask:`T4513` ``Webproxy monitor commands do not work``
* :vytask:`T4521` ``bond: ARP monitor interval is not configured despite set via CLI``
* :vytask:`T4525` ``Delete interface from VRF and add it to bonding error``
* :vytask:`T4527` ``Prevent to create VRF name default``
* :vytask:`T4532` ``Flow-accounting IPv6 server/receiver bug``
* :vytask:`T4534` ``bond: bridge: error out if member interface is assigned to a VRF instance``
* :vytask:`T4537` ``MACsec not working with cipher gcm-aes-256``
* :vytask:`T4538` ``Macsec does not work correctly when the interface status changes.``
* :vytask:`T4565` ``vlan aware bridge not working with - Kernel: T3318: update Linux Kernel to v5.4.205 #249``
* :vytask:`T4572` ``Add an option to force interface MTU to the value received from DHCP``
* :vytask:`T4579` ``bridge: can not delete member interface CLI option when VLAN is enabled``
* :vytask:`T4592` ``macsec: can not create two interfaces using the same source-interface``
* :vytask:`T4616` ``openconnect: KeyError: 'local_users'``
* :vytask:`T4618` ``Traffic policy not set on virtual interfaces``
* :vytask:`T4632` ``VLAN-aware bridge not working``
* :vytask:`T4653` ``Interface offload options are not applied correctly``
* :vytask:`T4666` ``EAP-TLS no longer allows TLSv1.0 after T4537, T4584``
**Other resolved issues**
* :vytask:`T4415` ``Include license/copyright files in the image but remove user documentation from /usr/share/doc to reduce its size``
* :vytask:`T4430` ``Show firewall output with visual shift default rule``
* :vytask:`T4629` ``Raised ConfigErrors contain dict instead of only the dict key``
* :vytask:`T4654` ``RPKI cache incorrect description``
1.3.1 (21th March 2022)
=======================
**Security**
* :vytask:`T4204` ``Update Accel-PPP to a newer revision``
* :vytask:`T4310` ``CVE-2022-0778: infinite loop in OpenSSL certificate parsing``
* :vytask:`T4311` ``CVE-2021-4034: local privilege escalation in PolKit``
**Configuration syntax changes (automatically migrated)**
* :vytask:`T1972` ``Allow setting interface name for virtual_ipaddress in VRRP VRID``
* :vytask:`T4273` ``ssh: Upgrade from 1.2.X to 1.3.0 breaks config``
**New features and improvements**
* :vytask:`T1972` ``Allow setting interface name for virtual_ipaddress in VRRP VRID``
* :vytask:`T2400` ``OpenVPN: dont restart server if no need``
* :vytask:`T2764` ``Increase maximum number of NAT rules``
* :vytask:`T3164` ``console-server ssh does not work with RADIUS PAM auth``
* :vytask:`T3299` ``Allow the web proxy service to listen on all IP addresses``
* :vytask:`T3854` ``Missing op-mode commands for conntrack-sync``
* :vytask:`T3872` ``Add configurable telegraf monitoring service``
* :vytask:`T4055` ``Add VRF support for HTTP(S) API service``
* :vytask:`T4100` ``Firewall increase maximum number of rules``
* :vytask:`T4120` ``[VXLAN] add ability to set multiple unicast-remotes``
* :vytask:`T4128` ``keepalived: Upgrade package to add VRF support``
* :vytask:`T4261` ``MACsec: add DHCP client support``
**Bug fixes**
* :vytask:`T2922` ``The `vpn ipsec logging log-modes` miss the IPSec daemons state check``
* :vytask:`T3380` ``"show vpn ike sa" does not display IPv6 peers``
* :vytask:`T3686` ``Bridging OpenVPN tap with no local-address breaks``
* :vytask:`T3914` ``VRRP rfc3768-compatibility doesn't work with unicast peers``
* :vytask:`T3924` ``VRRP stops working with VRF``
* :vytask:`T4002` ``firewall group network-group long names restriction incorrect behavior``
* :vytask:`T4081` ``VRRP health-check script stops working when setting up a sync group``
* :vytask:`T4087` ``IPsec IKE-group proposals limit of 10 pieces``
* :vytask:`T4092` ``IKEv2 mobike commit failed with DMVPN nhrp``
* :vytask:`T4093` ``SNMPv3 snmpd.conf generation bug``
* :vytask:`T4101` ``commit-archive: Use of uninitialized value $source_address in concatenation``
* :vytask:`T4104` ``RAID1: "add raid md0 member sda1" does not restore boot sector``
* :vytask:`T4110` ``[IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0``
* :vytask:`T4141` ``Set high-availability vrrp sync-group without members error``
* :vytask:`T4142` ``Input ifbX interfaces not displayed in op-mode``
* :vytask:`T4152` ``NHRP shortcut-target holding-time does not work``
* :vytask:`T4154` ``Error add second gre tunnel with the same source interface``
* :vytask:`T4165` ``Custom conntrack rules cannot be deleted``
* :vytask:`T4168` ``IPsec VPN is impossible to restart when DMVPN is configured``
* :vytask:`T4183` ``IPv6 link-local address not accepted as wireguard peer``
* :vytask:`T4184` ``NTP allow-clients address doesn't work it allows to use ntp server for all addresses``
* :vytask:`T4191` ``Lost access to host after VRF re-creating``
* :vytask:`T4196` ``DHCP server client-prefix-length parameter results in non-functional leases``
* :vytask:`T4203` ``Reconfigure DHCP client interface causes brief outages``
* :vytask:`T4226` ``VRRP transition-script does not work for groups name which contains -(minus) sign``
* :vytask:`T4228` ``bond: OS error thrown when two bonds use the same member``
* :vytask:`T4233` ``ssh: sync regex for allow/deny usernames to "system login"``
* :vytask:`T4234` ``Show firewall partly broken in 1.3.x``
* :vytask:`T4237` ``Conntrack-sync error - error adding listen-address command``
* :vytask:`T4240` ``Cannot add wlan0 to bridge via configure``
* :vytask:`T4241` ``ocserv openconnect looks broken in recent bulds of 1.3 Equuleus``
* :vytask:`T4242` ``ethernet speed/duplex can never be switched back to auto/auto``
* :vytask:`T4258` ``[DHCP-SERVER] error parameter on Failover``
* :vytask:`T4259` ``The conntrackd daemon can be started wrongly``
* :vytask:`T4263` ``vyos.util.leaf_node_changed() dos not honor valueLess nodes``
* :vytask:`T4264` ``vxlan: interface is destroyed and rebuild on description change``
* :vytask:`T4267` ``Error - Missing required "ip key" parameter``
* :vytask:`T4273` ``ssh: Upgrade from 1.2.X to 1.3.0 breaks config``
* :vytask:`T4297` ``Interface configuration saving fails for ice/iavf based interfaces because they can't change speed/duplex settings``
* :vytask:`T4377` ``generate tech-support archive includes previous archives``
**Other resolved issues**
* :vytask:`T4227` ``Typo in help completion of hello-time option of bridge interface``
* :vytask:`T4255` ``Unexpected print of dict bridge on delete``
* :vytask:`T4476` ``Next steps after installation is not communicated properly to new users``
1.3.0 (21th December 2021)
==========================
**Breaking changes**
* :vytask:`T3350` ``OpenVPN config file generation broken``
* :vytask:`T3866` ``Configs with DNS forwarding listening on OpenVPN interfaces or interfaces without a fixed address cannot be migrated to the new syntax``
**Configuration syntax changes (automatically migrated)**
* :vytask:`T2162` ``migration script for router-advert sets link-mtu 0 on bridge interfaces``
* :vytask:`T2691` ``Upgrade from 1.2.5 to 1.3-rolling-202007040117 results in broken config due to case mismatch``
* :vytask:`T3293` ``RPKI migration script errors out after CLI rewrite``
**New features and improvements**
* :vytask:`T3704` ``Add ability to interact with Areca RAID adapers``
* :vytask:`T3745` ``op-mode IPSec show vpn ipse sa sorting``
* :vytask:`T3912` ``Use a more informative default post-login banner``
* :vytask:`T3945` ``Add route-map for bgp aggregate-address``
* :vytask:`T3971` ``Ability to build ISO images for XCP-NG hypervisor``
* :vytask:`T4012` ``Add VRF support for TFTP``
* :vytask:`T4013` ``Add pkg cloudwatch for AWS images``
* :vytask:`T4046` ``Sflow - Add Source address parameter``
* :vytask:`T4049` ``support command-style output with compare command``
* :vytask:`T4082` ``Add op mode command to restart ldpd``
* :vytask:`T4084` ``Dehardcode the default login banner``
**Bug fixes**
* :vytask:`T1624` ``Failed to set up config session``
* :vytask:`T1710` ``[equuleus] buster: add patch to fix live-build missing key error``
* :vytask:`T1847` ``set_level incorrectly handles path given as empty string``
* :vytask:`T1876` ``IPSec VTI tunnels are deleted after rekey and dangling around as A/D``
* :vytask:`T2009` ``Ethernet Interface always stays down``
* :vytask:`T2022` ``When RADIUS config is active, local logins won't work``
* :vytask:`T2082` ``WireGuard broken after merging T2057``
* :vytask:`T2158` ``Commit fails if ethernet interface doesn't support flow control (pause)``
* :vytask:`T2162` ``migration script for router-advert sets link-mtu 0 on bridge interfaces``
* :vytask:`T2164` ``Package libstrongswan-standard-plugins missing from image``
* :vytask:`T2167` ``vyos.ifconfig.get_mac() broken``
* :vytask:`T2176` ``'WiFiIf' object has no attribute 'set_state'``
* :vytask:`T2177` ``Commit fails on adding disabled interface to bridge``
* :vytask:`T2241` ``Changing settings on an interface causes it to fall out of bridge``
* :vytask:`T2273` ``OpenVPN no longer starts in latest rolling, migrate to systemd``
* :vytask:`T2283` ``openvpn not starting: ccd path in template not moved to /run/openvpn/ccd``
* :vytask:`T2293` ``OpenVPN: UnboundLocalError after merging server_network PullRequest``
* :vytask:`T2318` ``dns-forwarding migration script breaks with invalid interface name``
* :vytask:`T2337` ``hw-id gone missing from interfaces after upgrade to 1.3-rolling-202004191028``
* :vytask:`T2427` ``Interface addressing broken since fix for T2372 was merged``
* :vytask:`T2466` ``live-build encounters apt dependency problem when building with local packages``
* :vytask:`T2578` ``ipaddrcheck unaware of /31 host addresses - can no longer assign /31 mask to interface addresses``
* :vytask:`T2600` ``RADIUS system login configuration rendered wrongly``
* :vytask:`T2624` ``Serial Console: fix migration script for configured powersave and no console``
* :vytask:`T2642` ``sshd fails to start due to configuration error``
* :vytask:`T2678` ``High RAM usage on SSH logins with lots of IPv6 routes in the routing table.``
* :vytask:`T2682` ``VRF aware services - connection no longer possible after system reboot``
* :vytask:`T2691` ``Upgrade from 1.2.5 to 1.3-rolling-202007040117 results in broken config due to case mismatch``
* :vytask:`T2746` ``IPv6 link-local addresses not configured``
* :vytask:`T2758` ``router-advert: 'infinity' is not a valid integer number``
* :vytask:`T2886` ``RADIUS authentication broken only returns operator level``
* :vytask:`T2894` ``bond: lacp: member interfaces get removed once bond interface has vlans configured``
* :vytask:`T2952` ``configd: timeout breaks synchronization of messages, causing freeze``
* :vytask:`T3208` ``Does not possible to change user password``
* :vytask:`T3350` ``OpenVPN config file generation broken``
* :vytask:`T3370` ``dhcp: Invalid domain name "private"``
* :vytask:`T3699` ``login: verify selected "system login user" name is not already used by the base system.``
* :vytask:`T3707` ``Ping incorrect ip host checks``
* :vytask:`T3822` ``OpenVPN processes do not have permission to read key files generated with `run generate openvpn key```
* :vytask:`T3866` ``Configs with DNS forwarding listening on OpenVPN interfaces or interfaces without a fixed address cannot be migrated to the new syntax``
* :vytask:`T3886` ``DHCP server can not start``
* :vytask:`T3887` ``Removal of IPv6 BGP-peer with peer-group may trigger problems``
* :vytask:`T3913` ``VRF traffic fails after upgrade from 1.3.0-RC6 to 1.3.0-EPA1/2``
* :vytask:`T3934` ``Openconnect VPN broken: ocserv-worker general protection fault on client connect``
* :vytask:`T3962` ``Image cannot be built without open-vm-tools``
* :vytask:`T3972` ``Removing vif-c interface raises KeyError``
* :vytask:`T4015` ``Update Accel-PPP to a newer revision``
* :vytask:`T4019` ``Smoketests for SSTP and openconnect fails``
* :vytask:`T4033` ``VRRP - Error security when setting scripts``
* :vytask:`T4035` ``Geneve interfaces aren't displayed by operational mode commands``
* :vytask:`T4052` ``Validator return traceback on VRRP configuration with the script path not in config dir``
* :vytask:`T4053` ``VRRP impossible to set scripts out of the /config directory``
* :vytask:`T4167` ``DMVPN apply wrong param on the first configuration``
* :vytask:`T4201` ``Firewall - ICMPv6 matches not working as expected on 1.3.0``
* :vytask:`T4268` ``Elevated LA while using VyOS monitoring feature``
* :vytask:`T4296` ``Interface config injected by Cloud-Init may interfere with VyOS native``
* :vytask:`T4344` ``DHCP statistics not matching, conf-mode generates incorrect pool name with dash``
* :vytask:`T4571` ``Sflow with vrf configured does not use vrf to validate agent-address IP from vrf-configured interfaces``
**Other resolved issues**
* :vytask:`T1497` ``"set system name-server" generates invalid/incorrect resolv.conf``
* :vytask:`T1606` ``Rolling release no longer boots after adding hostname daemon``
* :vytask:`T1676` ``[equuleus] buster: update GRUB boot parameters during upgrade``
* :vytask:`T2129` ``XML schema: tagNode not allowed on first level in new XML op-mode definition``
* :vytask:`T2389` ``BGP community-list unknown command``
* :vytask:`T2722` ``get_config_dict() and key_mangling=('-', '_') will alter CLI data for tagNodes``
* :vytask:`T3182` ``Main blocker Task for FRR 7.4/7.5 series update``
* :vytask:`T3293` ``RPKI migration script errors out after CLI rewrite``
* :vytask:`T3302` ``Make vyos-configd relay stdout from scripts to the user's console``
* :vytask:`T3687` ``IS-IS is missing IPv6 support``
* :vytask:`T3689` ``static ipv6 route doesn't deleted in some cases``
* :vytask:`T3695` ``OpenConnect reports commit success when ocserv fails to start due to SSL cert/key file issues``
* :vytask:`T3697` ``Impossible to delete IPsec completely``
* :vytask:`T3711` ``service router-advert interface <name> dnssl option has no effects``
* :vytask:`T3725` ``show configuration in json format``
* :vytask:`T3735` ``Configuration with multiple network addresses of firewall network-group via colud-init fails``
* :vytask:`T4065` ``IPSEC configuration error: connection to unix:///var/run/charon.ctl failed: No such file or directory``
* :vytask:`T4088` ``Fix typo in login banner``
* :vytask:`T4115` ``reboot in <x> not working as expected``
* :vytask:`T4198` ``Error shown on commit``
1.3.0-epa3 (5th November 2021)
==============================
**Configuration syntax changes (automatically migrated)**
* :vytask:`T3925` ``Tunnel: dhcp-interface not implemented - use source-interface instead``
**New features and improvements**
* :vytask:`T3927` ``Kernel: Enable kernel support for HW offload of the TLS protocol``
* :vytask:`T3942` ``Generate IPSec debug archive from op-mode``
**Bug fixes**
* :vytask:`T3610` ``DHCP-Server creation for not primary IP address fails``
* :vytask:`T3846` ``dmvpn configuration not reapllied after "restart vpn"``
* :vytask:`T3921` ``tunnel: KeyError when using dhcp-interface``
* :vytask:`T3922` ``NHRP: delete fails``
* :vytask:`T3925` ``Tunnel: dhcp-interface not implemented - use source-interface instead``
* :vytask:`T3926` ``strip-private does not sanitize "cisco-authentication" from NHRP configuration``
* :vytask:`T3941` ``"show vpn ipsec sa" shows established time of parent SA not child SA's``
* :vytask:`T3943` ``"netflow source-ip" prevents image upgrades if IP address does not exist locally``
* :vytask:`T3944` ``VRRP fails over when adding new group to master``
* :vytask:`T3954` ``FTDI cable makes VyOS sagitta latest hang, /dev/serial unpopulated, config system error``
* :vytask:`T3956` ``GRE tunnel - unable to move from source-interface to source-address, commit error``
* :vytask:`T4004` ``IPsec ike-group parameters are not saved correctly (after reboot)``
* :vytask:`T4034` ``"make xcp-ng-iso" still includes vyos-xe-guest-utilities``
**Other resolved issues**
* :vytask:`T3188` ``Tunnel local-ip to dhcp-interface Change Fails to Update``
* :vytask:`T3341` ``Wrong behavior of the "reset vpn ipsec-peer XXX tunnel XXX" command``
* :vytask:`T3626` ``Configuring and disabling DHCP Server``
* :vytask:`T3918` ``DHCPv6 prefix delegation incorrect verify error``
* :vytask:`T3920` ``dhclient exit hook script 01-vyos-cleanup causes too many arguments error``
* :vytask:`T3990` ``WATCHFRR: crashlog and per-thread log buffering unavailable (due to files left behind in /var/tmp/frr/ after reboot)``
* :vytask:`T4005` ``Feature Request: IPsec IKEv1 + IKEv2 for one peer``
1.3.0-epa2 (18th October 2021)
==============================
**New features and improvements**
* :vytask:`T3277` ``DNS Forwarding - reverse zones``
* :vytask:`T3885` ``dhcpv6-pd: randomly generated DUID is not persisted``
* :vytask:`T3890` ``dhcp(v6): provide op-mode commands to retrieve both server and client logfiles``
* :vytask:`T3899` ``Add support for hd44780 LCD displays``
**Bug fixes**
* :vytask:`T3750` ``pdns-recursor 4.4 issue with dont-query and private DNS servers``
* :vytask:`T3874` ``D-Link Ethernet Interface not working.``
* :vytask:`T3877` ``VRRP always enabled rfc3768-compatibility even when not specified``
* :vytask:`T3878` ``get_config_dict() no_tag_node_value_mangle has no effect``
* :vytask:`T3879` ``GPG key verification fails when upgrading from a 1.3 beta version``
* :vytask:`T3883` ``VRF - Delette vrf config on interface``
* :vytask:`T3893` ``MGRE Tunnel commit crash If sit tunnel available``
* :vytask:`T3894` ``Tunnel Commit Failed if system does not have `eth0```
* :vytask:`T3904` ``NTP pool associations silently fail``
**Other resolved issues**
* :vytask:`T3422` ``Dynamic DNS doesn't allow zone field with cloudflare protocol``
* :vytask:`T3425` ``Scripts from the /config/scripts/ folder do not run on live system``
* :vytask:`T3880` ``EFI boot shows error on display``
* :vytask:`T3882` ``Upgrade PowerDNs recursor to 4.5 series``
* :vytask:`T3888` ``Incorrect warning when poweroff command executed from configure mode.``
* :vytask:`T3889` ``Migrate to journalctl when reading daemon logs``
1.3.0-epa1 (30th September 2021)
================================
**Configuration syntax changes (automatically migrated)**
* :vytask:`T3672` ``DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output``
* :vytask:`T3779` ``Backport all 1.4 IS-IS features and configuration to 1.3 except VRF``
* :vytask:`T3804` ``cli: Migrate and merge "system name-servers-dhcp" into "system name-server"``
* :vytask:`T3842` ``Backport DHCP server improvements from VyOS 1.4 sagitta to 1.3 equuleus``
**New features and improvements**
* :vytask:`T1099` ``Openvpn: use config files instead of one long command.``
* :vytask:`T1154` ``use of local cache to build iso``
* :vytask:`T1176` ``FRR - BGP replicating routes``
* :vytask:`T1350` ``VRRP transition script will be executed once only``
* :vytask:`T3716` ``Linux kernel parameters ignore_routes_with_link_down- ignore disconnected routing connections``
* :vytask:`T3779` ``Backport all 1.4 IS-IS features and configuration to 1.3 except VRF``
* :vytask:`T3789` ``Add custom validator for base64 encoded CLI data``
* :vytask:`T3803` ``Add source-address option to the ping CLI``
* :vytask:`T3804` ``cli: Migrate and merge "system name-servers-dhcp" into "system name-server"``
* :vytask:`T3840` ``dns forwarding: Cache size should allow values > 10k``
* :vytask:`T3841` ``dhcp-server: add ping-check option to CLI``
* :vytask:`T3842` ``Backport DHCP server improvements from VyOS 1.4 sagitta to 1.3 equuleus``
* :vytask:`T3857` ``reboot: send wall message to all users for information``
* :vytask:`T3859` ``Add "log-adjacency-changes" to ospfv3 process``
**Bug fixes**
* :vytask:`T945` ``Unable to change configuration after changing it from script (vbash + script-template)``
* :vytask:`T1148` ``epa2 BGP peers initiate before config is fully loaded, routes leak.``
* :vytask:`T1249` ``multiple PBR rules can set to a single interface``
* :vytask:`T1894` ``FRR config not loaded after daemons segfault or restart``
* :vytask:`T2019` ``LLDP wrong config generation for interface 'all'``
* :vytask:`T2127` ``restart dhcp server reports a failure``
* :vytask:`T2161` ``snmpd cannot start if ipv6 disabled``
* :vytask:`T2328` ``dhcpv6 server not starting (disable check reversed?)``
* :vytask:`T2430` ``cannot delete specific route static next-hop``
* :vytask:`T2432` ``dhcpd: Can't create new lease file: Permission denied``
* :vytask:`T2434` ``Duplicate Address Detection Breaks Interfaces``
* :vytask:`T2525` ``OSPFv3 missing route map, not establishing``
* :vytask:`T2623` ``Creating sit tunnel fails with “Can not set “local” for tunnel sit tun1 at tunnel creation”``
* :vytask:`T2738` ``Modifying configuration in the "interfaces" section from VRRP transition scripts causes configuration lockup and high CPU utilization``
* :vytask:`T2759` ``validate-value prints error messages from validators that fail even if overall validation succeeds``
* :vytask:`T2800` ``Pseudo-Ethernet: source-interface must not be member of a bridge``
* :vytask:`T2895` ``VPN IPsec "leftsubnet" declared 2 times``
* :vytask:`T2920` ``Commit crash when adding the second mGRE tunnel with the same key``
* :vytask:`T2931` ``Unicode decode error causes vyos.configd service to restart``
* :vytask:`T2941` ``Using a non-ASCII character in the description field causes UnicodeDecodeError in configsource.py``
* :vytask:`T3076` ``Router reboot adds unwanted 'conntrack-sync mcast-group '225.0.0.50'' line to configuration``
* :vytask:`T3196` ``No NAT translations showing up``
* :vytask:`T3219` ``Typo in openvpn server client config for IPv6 iroute``
* :vytask:`T3601` ``Error in ssh keys for vmware cloud-init if ssh keys is left empty.``
* :vytask:`T3637` ``vrf: bind-to-all didn't work properly``
* :vytask:`T3672` ``DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output``
* :vytask:`T3708` ``isisd and gre-bridge commit error``
* :vytask:`T3731` ``verify_accel_ppp_base_service return wrong config error for SSP``
* :vytask:`T3738` ``openvpn fails if server and authentication are configured``
* :vytask:`T3740` ``HTTPs API breaks when the address is IPv6``
* :vytask:`T3756` ``VyOS generates invalid QR code for wireguard clients``
* :vytask:`T3772` ``VRRP virtual interfaces are not shown in show interfaces``
* :vytask:`T3773` ``Delete the "show system integrity" command (to prepare for a re-implementation)``
* :vytask:`T3777` ``adding IPv6 EUI64 address fails commit in 1.3.0-rc6``
* :vytask:`T3781` ``Revert the NAT implementation in 1.3 back to iptables``
* :vytask:`T3782` ``Ingress Shaping with IFB No Longer Functional with 1.3``
* :vytask:`T3783` ``"set protocols isis spf-delay-ietf" is not working``
* :vytask:`T3786` ``GRE tunnel source address 0.0.0.0 error``
* :vytask:`T3788` ``Keys are not allowed with ipip and sit tunnels``
* :vytask:`T3790` ``Does not possible to configure PPTP static ip-address to users``
* :vytask:`T3792` ``login: A hypen present in a username from "system login user" is replaced by an underscore``
* :vytask:`T3797` ``show interface errors with vrrp configuration``
* :vytask:`T3802` ``Commit fails if ethernet interface doesn't support flow control``
* :vytask:`T3805` ``OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface``
* :vytask:`T3806` ``Don't set link local ipv6 address if MTU less then 1280``
* :vytask:`T3807` ``Op Command "show interfaces wireguard" does not show the output``
* :vytask:`T3808` ``ipsec is mistakenly restarted after delete``
* :vytask:`T3816` ``Error after entering outbound-interface command in NAT``
* :vytask:`T3850` ``Dots are no longer allowed in SSH public key names``
* :vytask:`T3860` ``Error on pppoe, tunnel and wireguard interfaces for IPv6 EUI64 addresses``
* :vytask:`T3867` ``vxlan: multicast group address is not validated``
**Other resolved issues**
* :vytask:`T1202` ``Add `hvinfo` to the packages directory``
* :vytask:`T1214` ``Add `ipaddrcheck` to the packages directory``
* :vytask:`T1236` ``Update Linux Kernel``
* :vytask:`T2027` ``get_config_dict is failing when the configuration section is empty/missing``
* :vytask:`T2555` ``XML op-mode generation scripts silently discard XML nodes``
* :vytask:`T2727` ``Add a dotted decimal value validator``
* :vytask:`T2927` ``isc-dhcpd release and expiry events never execute``
* :vytask:`T3217` ``Save FRR configuration on each commit``
* :vytask:`T3234` ``multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions``
* :vytask:`T3254` ``Dynamic DNS status shows incorrect last update time``
* :vytask:`T3291` ``Fault on setting offload RPS with single-core CPU``
* :vytask:`T3362` ``1.3 - RC1 ifb redirect failing to commit``
* :vytask:`T3381` ``Change GRE tunnel failed``
* :vytask:`T3396` ``syslog can't be configured with an ipv6 literal destination in 1.2.x``
* :vytask:`T3431` ``Show version all bug``
* :vytask:`T3537` ``Unable to override the default OSPFv3 link cost for wireguard interface``
* :vytask:`T3634` ``Add op command option for ping for do not fragment bit to be set``
* :vytask:`T3683` ``VXLAN not accept ipv6 and source-interface options and mtu bug``
* :vytask:`T3730` ``op-mode conntrack-sync miss some functions``
* :vytask:`T3732` ``override-default helper should support adding defaultValues to default less nodes``
* :vytask:`T3768` ``Remove early syntaxVersion implementation``
* :vytask:`T3776` ``Rename FRR daemon restart op-mode commands``
* :vytask:`T3814` ``wireguard: commit error showing incorrect peer name from the configured name``
* :vytask:`T3819` ``Upgrade Salt Stack 3002.3 -> 3003 release train``
* :vytask:`T3820` ``PowerDNS recursor - update from 4.3 -> 4.4 to sync with current``
Reference in New Issue View Git Blame Copy Permalink