Posted 13 Feb, 2020 by Yuriy Andamasov

VyOS 1.2.5-epa1 release

VyOS 1.2.5-epa1 preview release is now available. Everyone can build it from the crux branch, and subscribers can download it from the support portal.

This is mostly a bugfix release, but it also offers some feature backports, such as rate limiting options for the PPPoE server.

Here’s the full changelog so far:

1341 Adding rate-limiter for pppoe server users
1376 Incorrect DHCP lease counting
1392 Large firewall rulesets cause the system to lose configuration and crash at startup
1452 accel-pppoe - add vendor option to shaper
1780 Adding ipsec ike closeaction
1827 Increase default gc_thresh
1858 l2tp: Delete depricated outside-nexthop and add gateway-address
1864 Lower IPSec DPD timeout lower limit from 10s -> 2s
1879 Extend Dynamic DNS XML definition value help strings and validators
1881 Execute permissions are removed from custom SNMP scripts at commit time
1900 Enable SNMP for VRRP.
1902 Add redistribute non main table in bgp
1909 Incorrect behaviour of static routes with overlapping networks
1913 "system ipv6 blacklist" command has no effect
1914 IPv6 multipath hash policy does not apply
1934 Change default hostname when deploy from OVA without params.
1964 SNMP Script-extensions allows names with spaces, but commit fails

Our routers are already running 1.2.5, and if no bugs are discovered, we’ll make a final 1.2.5 build.

VyOS 1.2.5 going to maintenance mode

Our initial idea for LTS releases was that they will be completely feature-frozen. That turned out pretty wrong in practice because it wasn’t what people wanted, and because many features developed in the current branch do not interfere with any existing features and are safe to include in a stable release.

For a full year, we’ve been including feature backports in 1.2 releases, which enabled subscribers and community members who build from source to get those features faster and help us weed out bugs and edge cases missed during initial testing in the rolling release.

However, as 1.3 development progresses, backporting features gets much harder. We are making big changes in the 1.3 branch to eliminate legacy code and make room for new features such as VRF, and many of those are too big to backport or require config syntax changes and migration scripts, which is clearly unacceptable for an LTS release.

After the 1.2.5 release, the 1.2/crux branch will only receive bug fixes, so that we can focus on getting 1.3 ready for a release. When 1.3 is ready, it will go through a similar cycle, a year or so of feature backports and then a period of maintenance mode until the next release is ready.


Reproducible builds

A number of people rightfully complain about VyOS LTS release builds not being fully reproducible. Right now, you cannot build say 1.2.3 release because the build scripts will pull packages from today’s Debian repos and our most recent Crux repos. If you build now, you’ll end up with 1.2.5-epa1.

That’s a good point, so we are going to experiment with Debian repository snapshots from and try making snapshots of our own repos to make old builds reproducible.

That's all for today. Stay tuned for new updates!