Hello, Community!
VyOS 1.4.0-epa2 image is now available to customers and contributors (and everyone can build it from the sagitta branch of vyos-build, of course)! If you are new to VyOS, the "EPA" part means "early production access" — the final stage when the release is already used in production by a subset of users and on our proper infrastructure. This is the second release on the path to the final stabilization of the 1.4.0/Sagitta branch. It mainly features bug fixes but contains minor features
New features
If you didn't know, VyOS supports unicast VRRP mode — it comes in handy in weird networks where multicast doesn't work correctly and allows VRRP to function even if someone intentionally disabled all multicast traffic. Before, this functionality was limited to creating an HA pair. However, now you can configure multiple peers with more than one backup router.
set high-availability vrrp group MyGroup peer-address 192.0.2.10
set high-availability vrrp group MyGroup peer-address 192.0.2.20
Another noticeable improvement is a new operational mode command to remove all container images at once: delete container image all.
Bug fixes and refactoring
Previously, VyOS scripts that deal with Ethernet interfaces would parse the human-readable output of ethtool. That led to a complex implementation of serious bugs — up to commit errors with certain NICs (like in T6070). Fortunately, the version of ethtool we use in 1.4 supports JSON output, so now those scripts simply load JSON instead — the implementation is much simpler, and new bugs like that should not appear anymore.
There are more refactoring efforts and fixes — here's a full changelog for details.
Changelog
Configuration syntax changes (automatically migrated)
- T6079: dhcp: migration fails for duplicate static-mapping
New features and improvements
- T4977: Babel routing protocol support — completed, including proper smoke tests.
- T5504: Keepalived VRRP ability to set more than one peer-address
- T5717: ospfv3 - add allow to set metric-type to ospf redistribution while FRR docs say it's possible.
- T5781: Add ability to add additional minisign keys
- T6057: Add ability to disable syslog for conntrackd
- T6060: op-mode: container: support removing all container images at once
- T6087: ospfv3: add support to redistribute IS-IS routes
- T6020: VRRP health-check script is not applied correctly in keepalived.conf
Bug fixes
- T2998: SNMP v3 oid "exclude" option doesn't work
- T4270: dns forwarding - When "ignore-hosts-file" is unset, local hostname of router resolves to 127.0.1.1
- T5909: Container registry with authentication prevents config load (section container) after reboot
- T6054: load-balancing wan - doesn't configure a list of ports
- T6055: PKI error: "failed to install x value" when executed the command from conf mode
- T6061: connection-status nat destination firewall filter not working in 1.4.0-epa1
- T6069: HTTP API segfault during concurrent configuration requests
- T6070: bnx2x NIC causes a commit error due to incorrect implementation of EEE status reading
- T6073: Conntrack/NAT not being disabled when VRFs are defined
- T6074: container: do not allow deleting images which have a container running
- T6079: dhcp: migration fails for duplicate static-mapping
- T6081: QoS policy shaper target and interval wrong calcuations
- T6084: OpenNHRP DMVPN configuration file clean after reboot if we have any IPSec configuration
- T6086: NAT does not work with network-groups
- T6093: Incorrect dhcp-options vendor-class-id regex
- T6096: Config commits are not synced properly because 00vyos-sync is deleted by vyos-router
- T6098: Description doesnt seem to allow for non international characters
- T6104: Regression in commit-archive for non-interactive configuration
- T6107: Nginx does not allow big config queries for configure endpoint API
Other resolved issues
- T5738: Extend XML building blocks
- T6071: firewall: CLI description limit of 256 characters cause config upgrade issues
- T6075: Applying firewall rules with a non-existent interface group
- T6077: banner: implement ASCII contest winner default logo
- T6083: ethtool: move string parsing to JSON parsing
- T6095: Tab completion for "set interfaces wireless wlan0 country-code" incorrect country "uk"