It’s been a long time since the time we made a new major release. A combination of factors including technical problems with the code, uncertainty about what would be right thing to do, and “life happening” to all of the maintainers at once was holding us back. Anyway, as maintainers we should make releases rather than excuses, so here’s the release. Better late than never.
Here it is: http://dev.packages.vyos.net/iso/preview/1.2.0-beta1/
Since it’s a beta and not yet a stable release, you should not install it on mission critical routers. If you run VyOS at home or a small office where some downtime is acceptable, we would like you to test it live of course. Otherwise do it on a testbed, we don’t want your network to suffer and we can’t guarantee there are no uncaught bugs.
The images are signed with our new key A0FE6D7E. It is included in the 1.1.6 image, so if you are upgrading from 1.1.6, you should be fine.
However, if you are updating from an earlier version, you will get a signature verification error. If you doubt image authenticity, you should either update to 1.1.6 first, add the key to the keyring by hand, or simply verify the signature manually.
There are some changes that can create compatibility problems.
The option for binding interrupts from certain ethernet NIC to certain CPUs was named smp_addinity (with an underscore). It was against the command naming traditions and guidelines from the beginning, but it stuck. In this release, it was renamed to smp-affinity (with a hyphen) for consistency with the rest of the config.
Config migration scripts will update your config.boot automatically for this change, so there is little to worry about (check if the config is fine after boot however!). But if you are using that command automatically in any way, remember to update your scripts.
Until now, VyOS kept using the old Vyatta OID, which is not a big deal, but it’s still wrong. We registered our own PEN with IANA and updated the SNMP configs so the system identifies itself as VyOS rather than Vyatta.
The downside is that some SNMP tools that are aware of Vyatta but not of VyOS may not identify it properly anymore.
LibreNMS had support for VyOS for a while already, and we’ve sent a patch to Observium, so if you are using one of these, you have nothing to worry about. But if you use another tool and it doesn’t work as expected, let us (and them) know and we’ll try to solve it.
Although this is less of a compatibility concern, VyOS also identifies as VyOS in LLDP now (used to be Vyatta).
Vyatta Core and then VyOS used to be an open NTP server for a long while. This was not intended and it was simply a config generation mistake, but it stuck. Having a router act as an NTP server is often convenient, but having no control over it is bad, and it can be a security problem.
Since this release, NTP server will not be enabled by default. If you want it, you can enable it for your network with set system ntp client 192.0.2.0/24 (substitute 192.0.2.0/24 with your network).
We pulled the PPPoE server from EdgeOS, so the syntax is compatible with it.
Now you can set a custom DUID for DHCPv6 client: set interfaces ethernet eth0 dhcpv6-options duid CUSTOMDUID
The syntax is set interfaces ethernet eth0 offload-options scatter-gather <On|off>
Store them in /config/scripts/commit/pre-hooks.d and /config/scripts/commit/post-hooks.d directories and they will stay with you after image upgrades.
The syntax is set system flow-accounting netflow max-flows 200000 (or another integer value).
The default value of 8192 is fine for small setups, but in large networks it can lead to dropped flow data, so if you have a lot of connections, increase it.
The syntax is analogous to all other services, find it under set service dns dynamic interface $intf service afraid
You can enable it with set interfaces … pppoe $num enable-ipv6
The list of resolved issues is quite long and it’s impractical to list them all here in the announcement.
You can find the full list of issues shcheduled for this release here: http://vyos.net/wiki/Lithium
It may change, some issues may be rescheduled. If you want to check if some known bug has been fixed, check those that are marked RESOLVED.
Please do test it. We try to test as much as possible, but bugs do get overlooked as the maintainers can’t test every possible scenario. Remember how Helium was released with broken VTI despite being in beta for a few months? Let’s try to prevent it this time.
And finally, thanks to everyone who contributed and made this possible!