VyOS 1.2.0-rc11 is available for download from https://downloads.vyos.io/?dir=testing/1.2.0-rc11.
This release candidate includes a prototype of RPKI CLI, and multiple bug fixes.
BGP advertisment validation with resource PKI is a frequently requested feature. FreeRangeRouting includes support for it, so we've made a prototype of the CLI. FRR's implementation doesn't seem flawless yet, a couple of time I crashed my BGPd with incorrect commands, so use it at your own risk. If the implementation is proved usable enough, we will include it in the final 1.2.0 release, if not, we will keep testing it in rolling releases and reporting issues to the FRR maintainers.
The simplest possible setup only needs cache address and port, like this:
set protocols rpki cache MyCache address 192.0.2.100 set protocols rpki cache MyCache port 5000
It is also possible to specify "ssh public-key-file", "ssh private-key-file", and "ssh known-hosts-file" in the "protocols rpki cache Foo" if you want to use encrypted connections to the cache server.
Please let us know if it works for you and report issues if it doesn't. You can comment on the T865.
This release is marked by pretty big package updates. Apart from including the latest FRR built from the master branch as usual, it includes Keepalived 2.0.10 and StrongSWAN 5.7.1. Please let us know if you run into any issues with VRRP or IPsec!
Additionally, we've included the guest utilities for XenServer. Preliminary testing showed some issues, like reboot through the XenCenter not working, so if you run into any, tell us.
The following issues have been resolved: