VyOS 1.2.8 and VyOS 1.3.0-rc5 are available

In this post, we announce not one, but two releases at once.

First, VyOS 1.2.8 LTS release is available to subscribers and everyone is welcome to build their own images.

Second, a VyOS 1.3.0-rc5 release candidate is also available for download for everyone, and we invite everyone to test it on lab VMs with your production configs.

VyOS 1.2.8

VyOS 1.2.8 LTS release is now available to subscribers, and everyone can build an equivalent image from our repositories. It’s a relatively small maintenance release with twenty resolved issues.

Long-term VyOS users may remember that VyOS 1.1.8 was the final release in the 1.1.x line and the last release before the stable 1.2.0. This time 1.2.8 definitely isn't going to be the last 1.2.x release because the maintenance potential of 1.2.x isn't exhausted, and there's also a bunch of fixes that can be backported from 1.3/1.4. This release also uses the Debian Extended LTS repository maintained by Freexian to pull bug fixes and security patches for the base system, which further extends possible support period for the 1.2.x line.

Whether 1.2.9 or a stable 1.3.0 release will come out first—time will tell, and it's not even a long time anymore. If you are upgrading to 1.2.8 and testing your upgrade in a VM, consider also grabbing the 1.3.0-rc5 image and upgrading your VM to it!

Changelog

Package upgrades

• Linux kernel 4.19.195

New features

• Prefix-list and route-map names can include underscores now (T3531).
• New command: protocols bgp <ASN> parameters graceful-shutdown (T3524).
• New set table option in route-maps, to allow importing routes from specific tables (T3032).

Bug fixes

• Operator level users can execute “show version” (T3521).
• The “delete log file” command works again (T3582).
• Loading configs without NTP settings no longer cause spurious migration script errors (T2809).
• Fixed an issue with firewall rules not getting deleted correctly (T3456).
• Fixed completion help for ICMP type in firewall rules (T3569).
• Fixed DHCP pool size calculation for /30 subnets in op mode (T3603).
• Fixed an unhandled exception in the dynamic DNS op mode (T3557).
• Child IPsec SA states are displayed correctly now (T1995).
• Fixed a bug with IPsec tunnel status shown as down when the tunnel is up (T3333).
• IPsec log entries now include peer name to simplify debugging (T2620).
• Fixed spurious IPsec configuration warnings for prefixes sourced from loopbacks (T2806).
• Fixed VTI interfaces incorrectly staying up when disabled (T2855).
• Fixed a bug with OSPFv3 BFD configuration script using an incorrect interface name (T3149).
• Fixed an extended community validation issue (T3632).
• Fixed a bug that prevented deletion of route-maps with an aggregator AS option (T3479).
• OVA configuration parameters now allow using CIDR prefix length instead of a subnet mask (T3653).

VyOS 1.3.0-rc5

We haven't made an official 1.3 release candidate in a while, which doesn't mean work on the 1.3 branch slowed down. In fact, a number of us are already running 1.3 builds in production successfully. Still, some people prefer an official, named release candidate, so we've made an image.

Let us know if anything in 1.3 is not working as expected for you. With your help we can make a stable release sooner, and we are also happy to issue contributor subscriptions to active testers.

You can watch the full 1.3.0 release changelog using this Phabricator query. The major highlights of this release are as follows:

Features

• New commands:

  • show hardware storage command with SMART status and NVMe device information subcommands.
  • show version kernel and show log kernel commands to display the kernel version and logs, respectively.
  • clear log to vacuum system logs.
  • restart subcommand for OpenConnect server.
• Wireless WAN (WWAN) improvements:
  • Renamed from wirelessmodem/wlm to just wwan in the CLI.
  • WWAN interfaces now support access point name (APN) authentication.
  • Qualcomm MSM Interface (QMI) can now be used to communicate with WWAN cards.
• Large receive offload (LRO) can now be enabled on Ethernet interfaces.
• Individual routes can now be specified to be advertised in IPv6 route advertisements.

Upgrades

• The kernel was updated to Linux 5.4.129 LTS.
• FRR was updated to 7.5.1.

Bug fixes

• show dynamic dns status sometimes used to show 0 as time.
• show disk sometimes used to output nothing.

Other

• The default time to live (TTL) value for tunnels is now 64 instead of 0 (inherited).
• DHCP server no longer allows overlapping ranges to be created.
• Deprecated OpenVPN options were removed:
  
  • compat-names: OpenSSL-style slash separated X.509 subject fields are no longer allowed.
  • disable-ncp: The option to disable cipher negotiation was removed from the interface.

As always, please test and report bugs!

Thank you, All!