VyOS Networks Blog

Building an open source network OS for the people, together.

VyOS 1.3.0-epa3 release

Daniil Baturin
Posted 5 Nov, 2021


VyOS 1.3.0-epa3 release is available now. The generic ISO image is available publicly, while subscribers can access additional flavors through the support portal. This release fixes a number of bugs found in earlier versions. If no serious bugs are found, it will also become the last "early production access" release and the next image will be the first official 1.3.0 LTS release.

Most of bug fixes are related to the IPsec subsystem, and the show vpn ipsec sa commands in particular. However, there's also one new feature in that area: a command to generate an archive with IPsec logs, generate ipsec debug-archive.

There's also a configuration syntax change: the old dhcp-interface option under tunnel interfaces is now source-interface, and old configurations files are automatically updated on boot to account for that change.

What's next?

If everything goes fine and no blocker bugs are found, 1.3/Equuleus will officially become the new LTS release—the second LTS branch in the VyOS project history. When it's official, we will stop making new publicly accessible 1.3.x images and switch the monthly snapshot build process to the upcoming 1.4/Sagitta branch. Remember that we offer free LTS release subscriptions to contributors, so if you are contributing and don't yet have one, feel free to apply.

The old 1.2/Crux branch will receive fixes for critical bugs and security vulnerabilities at least until the Q2 of 2022. Even though its base system, Debian Jessie, reached EOL, we can keep it updated by ourselves and with help from the Freexian ELTS team.

VyOS 1.3.x branch will also be supported for at least three years from now. For at least the first two years it will receive feature backports from the upcoming 1.4 branch, and then it will go to maintenance mode when 1.4 becomes the new LTS.


Configuration syntax changes (automatically migrated)

  • T3925: Tunnel: dhcp-interface not implemented - use source-interface instead

New features and improvements

  • T3318: Update Linux Kernel to v5.4.155 / 5.10.75
  • T3927: Kernel: Enable kernel support for HW offload of the TLS protocol
  • T3942: Generate IPSec debug archive from op-mode

Bug fixes

  • T3610: DHCP-Server creation for not primary IP address fails
  • T3846: dmvpn configuration not reapllied after "restart vpn"
  • T3921: tunnel: KeyError when using dhcp-interface
  • T3922: NHRP: delete fails
  • T3925: Tunnel: dhcp-interface not implemented - use source-interface instead
  • T3926: strip-private does not sanitize "cisco-authentication" from NHRP configuration
  • T3941: "show vpn ipsec sa" shows established time of parent SA not child SA's
  • T3943: "netflow source-ip" prevents image upgrades if IP address does not exist locally
  • T3944: VRRP fails over when adding new group to master
  • T3954: FTDI cable makes VyOS sagitta latest hang, /dev/serial unpopulated, config system error
  • T3956: GRE tunnel - unable to move from source-interface to source-address, commit error

Other resolved issues

  • T3188: Tunnel local-ip to dhcp-interface Change Fails to Update
  • T3341: Wrong behavior of the "reset vpn ipsec-peer XXX tunnel XXX" command
  • T3918: DHCPv6 prefix delegation incorrect verify error
  • T3920: dhclient exit hook script 01-vyos-cleanup causes too many arguments error
The post categories: