December 18, 2018 at 12:20:06 AM CET By Daniil Baturin
VyOS 1.2.0-rc11 is available for download from https://downloads.vyos.io/?dir=testing/1.2.0-rc11.
This release candidate includes a prototype of RPKI CLI, and multiple bug fixes.
BGP advertisment validation with resource PKI is a frequently requested feature. FreeRangeRouting includes support for it, so we've made a prototype of the CLI. FRR's implementation doesn't seem flawless yet, a couple of time I crashed my BGPd with incorrect commands, so use it at your own risk. If the implementation is proved usable enough, we will include it in the final 1.2.0 release, if not, we will keep testing it in rolling releases and reporting issues to the FRR maintainers.
The simplest possible setup only needs cache address and port, like this:
set protocols rpki cache MyCache address 192.0.2.100 set protocols rpki cache MyCache port 5000
It is also possible to specify "ssh public-key-file", "ssh private-key-file", and "ssh known-hosts-file" in the "protocols rpki cache Foo" if you want to use encrypted connections to the cache server.
Please let us know if it works for you and report issues if it doesn't. You can comment on the T865.
This release is marked by pretty big package updates. Apart from including the latest FRR built from the master branch as usual, it includes Keepalived 2.0.10 and StrongSWAN 5.7.1. Please let us know if you run into any issues with VRRP or IPsec!
Additionally, we've included the guest utilities for XenServer. Preliminary testing showed some issues, like reboot through the XenCenter not working, so if you run into any, tell us.
The following issues have been resolved:
- "show ip ospf neighbor x.x.x.x" command not working (T1027).
- Config files saved while running from a livecd could not be copied to the installed system (T1047).
- "protocol all" IPsec tunnel option not working (T1048).
- Firewall, routing protocol, and QoS commands missing in wireguard interfaces (T1063, T1087).
- Incorrect MTU of PPPoE interfaces upon bootup (T1065).
- Route-map rules not allowing named (rather than numbered) community lists (T1072).
- Incomplete autocompletion in DNS forwarding (T1091).
- Unable to delete a route-map rule with "set community" option (T1093).
- All firewall rules with "recent" option using a shared table for packet tracking (T1111).