VyOS Platform Blog

Building an open source network OS for the people, together.

VyOS 1.2.7 release

Posted 24 Mar, 2021 by Yuriy Andamasov


VyOS 1.2.7 LTS release is now available to subscribers, and everyone can build an equivalent image from our repositories. This release took a while to complete, but it isn't a small maintenance release either: it includes multiple bug fixes (41 resolved issues in total) and some feature backports from the upcoming 1.3/equuleus branch. The highlights include a kernel mode L2TP implementation that makes L2TP 2x faster, a command to export a part of the configuration to JSON, Linux kernel updated to 4.19.176 and more. This is also the first release that officially supports container guest mode.

Cloud marketplace images will take some more time to get published, but you can update your cloud installations using the generic ISO image meanwhile.

Configuration export to JSON

This feature has been in the rolling release for a while already, but now it's also in the 1.2.x LTS branch. There's a new pipe in the configuration mode CLI: |json. You can use it to export any chunk of configuration to JSON. For example:

# show system name-server 

# show system name-server |  json
    "name-server": [

You can also convert a config file to JSON: vyos-config-to-json /config/config.boot

This opens up a lot of scripting opportunities. You can work with  VyOS configuration data from any language, or use existing tools like jq.

There's also a corresponding HTTP API method as well, just like in the upcoming 1.3, so that people can use the same external management tools for old and new VyOS versions.

Kernel-mode L2TP/IPsec

VyOS 1.2.x still uses xl2tpd for client L2TP connections. The upcoming 1.3 release will use accel-ppp, which offers excellent performance and many useful features, but that change would be too big and risky for an LTS release.

Still, xl2tpd supports kernel mode L2TP implementation now, so we upgraded it in 1.2.7 and enabled that module. Now client  L2TP is two times faster than it used to be.

Future plans

This is probably the last feature release in the 1.2.x line. The focus in the 1.3 release is on rewriting the old code to free it from the old design mistakes and limitations, and most of that work is not backportable, so future work on 1.2.x will be limited to bug fixes and security updates.

We aren't planning to phase out 1.2.x support any time soon: it will be supported at least until the end of 2022, with a possibility of extended support for critical issues after that.


627 IPSec configuration directive deletion fails, causes bad IPSec state on reboot.
1773 Make it possible to export config to JSON
1774 Add a show config operation to the HTTP API
1957 PPPoE server: maintenance mode
2061 protocol logs not sent to remote syslog
2310 vyos-cloud-init use global config to configure pass and ssh login
2521 Need to restart pdns-recursor to check new entries in /etc/hosts
2564 Extend VyOS to support appliance LCDs
2647 ipsec disableuniqreqids generate a wrong ipsec.conf
2841 "monitor bandwidth-test initiate" does not accept IPv6 address as option
2878 LACP / bonding: new op-mode command: show interfaces bonding bond0 detail
2891 Support to change ring-buffers from CLI
2902 "add system image" fails when appending XX to image name
2927 isc-dhcpd release and expiry events never execute
2932 The second QAT device does not start
2949 Vyos 1.2.6-S1 DNS Server does not restart automatically on commit
2954 Use kernel mode L2TP in xl2tpd
2959 PPPoE server has migrations scripts but the config version is not incremented
2972 PPPoE server rate limiter allows max 65535 kbps to be set
2973 tftp-server cannot listen on IPv6 address
2984 (igb, ixgbe) HW queues applied only for the first 2 interfaces
3016 dhcp-server: use better constraint error message on invalid subnet
3035 Allow IPv4 over IPv6 IPsec and vice versa
3037 Bgp afi ipv6-unicast capability dynamic bug
3085 IPv6 BGP Neighbor Weight
3094 Can not specify multiple deny ports in FW rule
3126 unsuppress-map doesn't work for BGP IPv4
3152 wan-load-balance does not show connections
3175 Dynamic DNS validations don't reflect supported protocols in ddclient
3194 OSPF redistribution metric issue
3197 Update Linux Kernel to v4.19.166
3237 DHCP Server Static-Mapping Validation Error
3238 Update Linux Kernel to v4.19.178
3246 OSPFv3 router ID not configured in FRR
3252 rpki: AttributeError: 'Config' object has no attribute 'return__value'
3265 RPKI: Cache-peer SSH connection misses public key portion
3292 RIPng: access-lists/prefix-list reference IPv4 and not IPv6 lists during verification
3301 Wrong format and valueHelp for policy as-path-list regex
3304 No way to use ipv4 address as next-hop in route-map
3343 Wrong output conntrack-sync status
3349 Ethernet: "disable" flag is not honored after a reboot for VIF interfaces