VyOS Project April 2024 Update
Hello, Сommunity!
In March, we made many minor improvements to existing features. Still, there are some significant features: many new services are available for configuration sync, drive encryption via LUKS with TPM support, and a new command to trigger commit archive manually.
New configuration options
-
NAT PREF64 support for router advertisements (T6118):
set service router-advert interface <interface> nat64prefix <prefix> set service router-advert interface <interface> nat64prefix <prefix> valid-lifetime <n>
-
DHCP interface can be specified for IPsec connections (T5872):
set vpn ipsec remote-access connection <connection> dhcp-interface <interface>
-
OSPFv3 metric and metric type can be specified for route redistribution (T5717):
set protocols ospfv3 redistribute <protocol> metric <n> set protocols ospfv3 redistribute <protocol> metric-type [1|2]
-
Support for 802.1ad VLAN filtering (T6125):
set interfaces bridge <bridge> protocol 802.1ad
-
All AS numbers can be excluded from a route's AS path (T6129):
set policy route-map <name> rule <rule> set as-path exclude all
-
MTU size can be specified for traffic policy limiters (T1871):
set qos policy limiter <limiter> default mtu <n> set qos policy limiter <limiter> class <class> mtu <n>
-
Checks to see if the nexthop is connected on the eBGP session can be disabled now (T6010):
set protocols bgp parameters disable-ebgp-connected-route-check
-
Addresses can be excluded from VRRP advert packets per interface (T5832):
set high-availability vrrp group <group> excluded-address <address> interface <interface>
-
New RTSP conntrack helper (T4022):
set system conntrack modules rtsp set service conntrack-sync expect-sync rtsp
-
Logging can be disabled for the conntrack service (T6057):
set service conntrack-sync disable-syslog
-
HTTPS server request body size limit can be manually set (T6107):
set service https request-body-size-limit <1-256>
-
It is now possible to disable CPU power saving (T2447):
set system option kernel disable-power-saving
-
System timezone can be set from the CLI (T6121):
set system time-zone <timezone>
-
The scope of the
config-sync
service was greatly extended. See the pull requests (#1, #2) for the specifics (T6121).
New commands
-
Support for LUKS encryption with TPM. See the pull request for the specifics (T4919):
encryption enable encryption disable encryption load
-
commit-archive
update can now be manually triggered (T6133):force commit-archive
-
JSON output for container configuration (T6161):
show container json show container image json show container network json
-
DHCPv6 lease clear command consistent with its IPv4 counterpart (T6102):
clear dhcpv6-server lease <lease>
Other changes
- The ability to disable Energy Efficient Ethernet was temporarily removed due to problems with non-compliant cards (T6152).
That's all for now, but stay tunes for updates, as always!
Comments