VyOS Networks Blog

Building an open source network OS for the people, together.

VyOS 1.3.2 LTS release

Daniil Baturin
Posted 7 Sep, 2022

Hello, community!

The VyOS 1.3.2 LTS release is now available for subscribers to download and for everyone to build. It features over a dozen improvements and about fifty fixes for bugs and other issues. Among them are a command to remove DHCP leases, IP pools and multiplier options in BRAS features, and more. Read on for details!

New features

Removing DHCP server leases

You may remember that very old VyOS versions had a command to remove a lease, "clear dhcp-server lease", which we removed around the 1.2.0 release. The reason for its removal was that it didn't always work correctly and could break the DHCP server in certain situations.

The problem is that ISC DHCP doesn't provide an option to force lease removal. The only way to remove a lease is to edit the lease file, and its syntax isn't as simple as it may seem. Worse yet, in failover configurations, there's simply no way to remove a lease with a command executed on just one server. The old script wasn't smart enough to know that.

Now there's a new implementation that understands the lease file syntax better (or so we hope) and refuses to do anything if the server is in failover mode, so it should help admins remove leases without getting in trouble. If you spot any problems with it, please let us know!
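To show why editing the lease file is harder than it looks, here is an added Python example (not VyOS's script and not code from the original post) that drops every record for one address from dhcpd.leases text and refuses to act when a failover state record is present. The sample data and function names are constructed, and detecting failover from the "failover peer" record in the lease file is an assumption.

```python
import re

# Constructed sample in dhcpd.leases syntax (not from a real server).
SAMPLE = '''\
lease 192.0.2.10 {
  client-hostname "odd}name";
}
lease 192.0.2.11 {
  on expiry { log(info, "gone"); }
}
lease 192.0.2.10 {
  binding state free;
}
'''
FAILOVER = 'failover peer "ha" state {\n  my state normal at 3 2022/09/07 10:00:00;\n}\n'

def block_end(text, start):
    """Index just past the '}' closing the block at start; quoted braces are skipped."""
    depth, in_str, i = 0, False, start
    while i < len(text):
        ch = text[i]
        if in_str:
            if ch == '\\':
                i += 1              # skip the escaped character
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch in '{}':
            depth += 1 if ch == '{' else -1
            if depth == 0:
                return i + 1
        i += 1
    raise ValueError('unterminated block in lease file')

def remove_lease(text, ip):
    """Return (new_text, removed_count) with every record for ip dropped."""
    if re.search(r'^\s*failover peer\b', text, re.M):  # assumed failover check
        raise RuntimeError('failover state present, refusing to edit leases')
    out, pos, removed = [], 0, 0
    for m in re.finditer(r'^lease\s+(\S+)\s*\{', text, re.M):
        if m.start() < pos or m.group(1) != ip:
            continue
        end = block_end(text, m.start())
        out.append(text[pos:m.start()])   # keep everything before this record
        pos = end + 1 if text[end:end + 1] == '\n' else end
        removed += 1
    out.append(text[pos:])
    return ''.join(out), removed
```

dhcpd keeps leases in memory and appends to this file, so one address can appear in several records and an edit only takes effect if the daemon is stopped first.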

RADIUS QoS attribute support improvements

The RADIUS-based rate limiting improvements we talked about in the July update are also included in this release: it's now possible to specify a rate multiplier and a vendor attribute that defines the unit for that multiplier.  Here's an example for making it work with a billing setup made for Mikrotik:

set service ipoe-server authentication radius rate-limit attribute 'Mikrotik-Rate-Limit'

set service ipoe-server authentication radius rate-limit enable

set service ipoe-server authentication radius rate-limit multiplier '0.001'

set service ipoe-server authentication radius rate-limit vendor 'Mikrotik'

Other improvements

License files in /usr/share/doc are again included in the image. They briefly disappeared from VyOS images in 1.3.1 as a size reduction measure: since VyOS is not updated with APT, we've removed the entire /usr/share/doc during the build process. That practice is neither uncommon nor (to our knowledge) illegal: many embedded distros only keep licenses in the source code tree or in separate files, especially if they target very small devices. We still think it should be the last resort and if a distro can afford it, package licenses should be kept in place. Now they are back, since we figured out a way to selectively delete everything except licenses.

While re-inclusion of license files might have made the image slightly larger, we also eliminated another source of bloat: unused Telegraf plugins, so the image is actually 15 megabytes smaller than 1.3.1 (320MB instead of 335).

What's next?

VyOS 1.3.2 is a rather big release, but it's just one of the releases we plan to make in the 1.3.x series, and more improvements are coming. One of those things is a greatly extended and improved GraphQL API that will soon leave its experimental status and serve as a basis for a web UI (already in progress), as well as a tool for everyone to make their own automation scripts and integrations with third-party management solutions.

The long-promised system of build flavors that will allow everyone to easily build existing image types other than the generic ISO and also make their own is also on the way. We (mainly, I) had to put it on hold to work on more pressing concerns for a while, but now it's back on track.

Getting VyOS LTS release images

If you are using VyOS in your company or are planning to, get a subscription and help fund its development! Remember that VyOS has no "exit strategy": our goal is to keep VyOS available and free (as in freedom) indefinitely, and that requires sustainable funding. You can get either a software access subscription that includes multiple image flavors and email support for unlimited instances, or a support subscription for an individual instance that automatically includes images for your platform.

If you are an individual, you can get the generic ISO by donating on Open Collective. And if you are contributing to VyOS, whether you are writing code, improving the docs, or promoting VyOS publicly, we are happy to share pre-built images with you through contributor subscriptions.  Finally, you can always build your own images — just follow these instructions.


New features and improvements

  • T1375: Add clear dhcp server lease function
  • T2580: Support for ip pools for ippoe
  • T2683: no dual stack in system static-host-mapping host-name
  • T2763: New SNMP resource request - SNMP over TCP
  • T3318: Update Linux Kernel to v5.4.208 / 5.10.135
  • T3785: Add unicode support to configtree backend
  • T4260: Extend vyos.configdict.node_changed() to support recursiveness
  • T4315: Telegraf - Output to prometheus
  • T4336: isis: add support for MD5 authentication password on a circuit
  • T4346: Deprecate "system ipv6 disable" option to disable address family within OS kernel
  • T4373: PPPoE-server add multiplier option for shaper
  • T4395: Extend show vpn debug
  • T4421: Add support for floating point numbers in the numeric validator
  • T4442: HTTP API add action "reset"
  • T4456: NTP client in VRF tries to bind to interfaces outside VRF, logs many messages
  • T4489: MPLS sysctl not persistent for tunnel interfaces
  • T4507: IPoE-server add multiplier option for shaper
  • T4509: Feature Request: DNS64
  • T4515: Reduce telegraf binary size
  • T4522: bond: add ability to specify mii monitor interval via CLI
  • T4584: hostap: create custom package build
  • T4614: OpenConnect split-dns directive

Bug fixes

  • T2194: "show firewall" garbled output
  • T2654: Multiple names unable to be assigned to the same static mapping
  • T3507: Bond with mode LACP show u/u in show interfaces even if peer is not configured
  • T3714: Some sysctl custom parameters disappear after reboot
  • T4206: Policy Based Routing with DHCP Interface Issue
  • T4230: OpenVPN server configuration deleted after reboot when using a VRRP virtual-address
  • T4294: Adding a new openvpn-option does not restart the OpenVPN process
  • T4313: "generate public-key-command" throws unhandled exceptions when it cannot retrieve the key
  • T4319: The command "set system ipv6 disable" doesn't work as expected.
  • T4324: wwan: check alive script should only be run via cron if a wwan interface is configured at all
  • T4330: MTU settings cannot be applied when IPv6 is disabled
  • T4331: IPv6 link local addresses are not configured when an interface is in a VRF
  • T4337: isis: IETF SPF delay algorithm can not be configured - results in vyos.frr.CommitError
  • T4338: wwan: changing interface description should not trigger reconnect
  • T4339: wwan: tab-completion results in "No such file or directory" if there is no WWAN interface
  • T4341: login: disable user-account prior to deletion and wait until deletion is complete
  • T4350: DMVPN opennhrp spokes dont work behind NAT
  • T4354: Slave interfaces fall out from bonding during configuration change
  • T4361: `vyos.config.exists()` does not work for nodes with multiple values
  • T4363: salt-minion: default mine_interval option is not set
  • T4366: geneve: interface is removed on changes to e.g. description
  • T4369: OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node
  • T4388: dhcp-server: missing constraint on tftp-server-name option
  • T4405: DHCP client sometimes ignores `no-default-route` option of an interface
  • T4441: wwan: connection not possible after a change added after 1.3.1-S1 release
  • T4447: DHCPv6 prefix delegation `sla-id` limited to 128
  • T4468: web-proxy source group cannot start with a number bug
  • T4510: set system static-host-mapping doesn't allow IPv4 and IPv6 for same name.
  • T4513: Webproxy monitor commands do not work
  • T4521: bond: ARP monitor interval is not configured despite set via CLI
  • T4525: Delete interface from VRF and add it to bonding error
  • T4527: Prevent to create VRF name default
  • T4532: Flow-accounting IPv6 server/receiver bug
  • T4534: bond: bridge: error out if member interface is assigned to a VRF instance
  • T4537: MACsec not working with cipher gcm-aes-256
  • T4538: Macsec does not work correctly when the interface status changes.
  • T4565: vlan aware bridge not working with - Kernel: T3318: update Linux Kernel to v5.4.205 #249
  • T4572: Add an option to force interface MTU to the value received from DHCP
  • T4579: bridge: can not delete member interface CLI option when VLAN is enabled
  • T4592: macsec: can not create two interfaces using the same source-interface
  • T4616: openconnect: KeyError: 'local_users'
  • T4618: Traffic policy not set on virtual interfaces
  • T4632: VLAN-aware bridge not working
  • T4653: Interface offload options are not applied correctly

Other resolved issues

  • T4415: Include license/copyright files in the image but remove user documentation from /usr/share/doc to reduce its size
  • T4430: Show firewall output with visual shift default rule
  • T4629: Raised ConfigErrors contain dict instead of only the dict key
  • T4654: RPKI cache incorrect description