VyOS 1.2.7 release
Hello!
VyOS 1.2.7 LTS release is now available to subscribers, and everyone can build an equivalent image from our repositories. This release took a while to complete, but it isn't a small maintenance release either: it includes multiple bug fixes (41 resolved issues in total) and some feature backports from the upcoming 1.3/equuleus branch. The highlights include a kernel mode L2TP implementation that makes L2TP 2x faster, a command to export a part of the configuration to JSON, Linux kernel updated to 4.19.176 and more. This is also the first release that officially supports container guest mode.
Cloud marketplace images will take some more time to get published, but you can update your cloud installations using the generic ISO image meanwhile.
Configuration export to JSON
This feature has been in the rolling release for a while already, but now it's also in the 1.2.x LTS branch. There's a new pipe in the configuration mode CLI: |json. You can use it to export any chunk of configuration to JSON. For example:
# show system name-server
name-server 8.8.8.8
name-server 8.8.4.4
# show system name-server | json
{
"name-server": [
"8.8.8.8",
"8.8.4.4"
]
}
You can also convert a config file to JSON: vyos-config-to-json /config/config.boot
This opens up a lot of scripting opportunities. You can work with VyOS configuration data from any language, or use existing tools like jq.
There's also a corresponding HTTP API method as well, just like in the upcoming 1.3, so that people can use the same external management tools for old and new VyOS versions.
Kernel-mode L2TP/IPsec
VyOS 1.2.x still uses xl2tpd for client L2TP connections. The upcoming 1.3 release will use accel-ppp, which offers excellent performance and many useful features, but that change would be too big and risky for an LTS release.
Still, xl2tpd supports kernel mode L2TP implementation now, so we upgraded it in 1.2.7 and enabled that module. Now client L2TP is two times faster than it used to be.
Future plans
This is probably the last feature release in the 1.2.x line. The focus in the 1.3 release is on rewriting the old code to free it from the old design mistakes and limitations, and most of that work is not backportable, so future work on 1.2.x will be limited to bug fixes and security updates.
We aren't planning to phase out 1.2.x support any time soon: it will be supported at least until the end of 2022, with a possibility of extended support for critical issues after that.
Changelog
| 627 | IPSec configuration directive deletion fails, causes bad IPSec state on reboot. |
| 1773 | Make it possible to export config to JSON |
| 1774 | Add a show config operation to the HTTP API |
| 1957 | PPPoE server: maintenance mode |
| 2061 | protocol logs not sent to remote syslog |
| 2310 | vyos-cloud-init use global config to configure pass and ssh login |
| 2521 | Need to restart pdns-recursor to check new entries in /etc/hosts |
| 2564 | Extend VyOS to support appliance LCDs |
| 2647 | ipsec disableuniqreqids generate a wrong ipsec.conf |
| 2841 | "monitor bandwidth-test initiate" does not accept IPv6 address as option |
| 2878 | LACP / bonding: new op-mode command: show interfaces bonding bond0 detail |
| 2891 | Support to change ring-buffers from CLI |
| 2902 | "add system image" fails when appending XX to image name |
| 2927 | isc-dhcpd release and expiry events never execute |
| 2932 | The second QAT device does not start |
| 2949 | Vyos 1.2.6-S1 DNS Server does not restart automatically on commit |
| 2954 | Use kernel mode L2TP in xl2tpd |
| 2959 | PPPoE server has migrations scripts but the config version is not incremented |
| 2972 | PPPoE server rate limiter allows max 65535 kbps to be set |
| 2973 | tftp-server cannot listen on IPv6 address |
| 2984 | (igb, ixgbe) HW queues applied only for the first 2 interfaces |
| 3016 | dhcp-server: use better constraint error message on invalid subnet |
| 3035 | Allow IPv4 over IPv6 IPsec and vice versa |
| 3037 | Bgp afi ipv6-unicast capability dynamic bug |
| 3085 | IPv6 BGP Neighbor Weight |
| 3094 | Can not specify multiple deny ports in FW rule |
| 3126 | unsuppress-map doesn't work for BGP IPv4 |
| 3152 | wan-load-balance does not show connections |
| 3175 | Dynamic DNS validations don't reflect supported protocols in ddclient |
| 3194 | OSPF redistribution metric issue |
| 3197 | Update Linux Kernel to v4.19.166 |
| 3237 | DHCP Server Static-Mapping Validation Error |
| 3238 | Update Linux Kernel to v4.19.178 |
| 3246 | OSPFv3 router ID not configured in FRR |
| 3252 | rpki: AttributeError: 'Config' object has no attribute 'return__value' |
| 3265 | RPKI: Cache-peer SSH connection misses public key portion |
| 3292 | RIPng: access-lists/prefix-list reference IPv4 and not IPv6 lists during verification |
| 3301 | Wrong format and valueHelp for policy as-path-list regex |
| 3304 | No way to use ipv4 address as next-hop in route-map |
| 3343 | Wrong output conntrack-sync status |
| 3349 | Ethernet: "disable" flag is not honored after a reboot for VIF interfaces |
Comments