VyOS Networks Blog

Building an open source network OS for the people, together.

VyOS Project April 2024 Update

VyOS Developer Erkin Batu Altunbas
Posted 11 Apr, 2024

Hello, Сommunity!

In March, we made many minor improvements to existing features. Still, there are some significant features: many new services are available for configuration sync, drive encryption via LUKS with TPM support, and a new command to trigger commit archive manually.

New configuration options

  • NAT PREF64 support for router advertisements (T6118):

      set service router-advert interface <interface> nat64prefix <prefix>
      set service router-advert interface <interface> nat64prefix <prefix> valid-lifetime <n>
  • DHCP interface can be specified for IPsec connections (T5872):

      set vpn ipsec remote-access connection <connection> dhcp-interface <interface>
  • OSPFv3 metric and metric type can be specified for route redistribution (T5717):

      set protocols ospfv3 redistribute <protocol> metric <n>
      set protocols ospfv3 redistribute <protocol> metric-type [1|2]
  • Support for 802.1ad VLAN filtering (T6125):

      set interfaces bridge <bridge> protocol 802.1ad
  • All AS numbers can be excluded from a route's AS path (T6129):

      set policy route-map <name> rule <rule> set as-path exclude all
  • MTU size can be specified for traffic policy limiters (T1871):

      set qos policy limiter <limiter> default mtu <n>
      set qos policy limiter <limiter> class <class> mtu <n>
  • Checks to see if the nexthop is connected on the eBGP session can be disabled now (T6010):

      set protocols bgp parameters disable-ebgp-connected-route-check
  • Addresses can be excluded from VRRP advert packets per interface (T5832):

      set high-availability vrrp group <group> excluded-address <address> interface <interface>
  • New RTSP conntrack helper (T4022):

      set system conntrack modules rtsp
      set service conntrack-sync expect-sync rtsp
  • Logging can be disabled for the conntrack service (T6057):

      set service conntrack-sync disable-syslog
  • HTTPS server request body size limit can be manually set (T6107):

      set service https request-body-size-limit <1-256>
  • It is now possible to disable CPU power saving (T2447):

      set system option kernel disable-power-saving
  • System timezone can be set from the CLI (T6121):

      set system time-zone <timezone>
  • The scope of the config-sync service was greatly extended. See the pull requests (#1, #2) for the specifics (T6121).

New commands

  • Support for LUKS encryption with TPM. See the pull request for the specifics (T4919):

      encryption enable
      encryption disable
      encryption load
  • commit-archive update can now be manually triggered (T6133):

      force commit-archive
  • JSON output for container configuration (T6161):

      show container json
      show container image json
      show container network json
  • DHCPv6 lease clear command consistent with its IPv4 counterpart (T6102):

      clear dhcpv6-server lease <lease>

Other changes

  • The ability to disable Energy Efficient Ethernet was temporarily removed due to problems with non-compliant cards (T6152).

That's all for now, but stay tunes for updates, as always!

The post categories: