VyOS Platform Blog

VyOS Project April 2024 Update

Written by Erkin Batu Altunbas | April 11, 2024 7:40:48 PM Z

Hello, Сommunity!

In March, we made many minor improvements to existing features. Still, there are some significant features: many new services are available for configuration sync, drive encryption via LUKS with TPM support, and a new command to trigger commit archive manually.

New configuration options

  • NAT PREF64 support for router advertisements (T6118):

      set service router-advert interface <interface> nat64prefix <prefix>
  set service router-advert interface <interface> nat64prefix <prefix> valid-lifetime <n>

  • DHCP interface can be specified for IPsec connections (T5872):

      set vpn ipsec remote-access connection <connection> dhcp-interface <interface>

  • OSPFv3 metric and metric type can be specified for route redistribution (T5717):

      set protocols ospfv3 redistribute <protocol> metric <n>
  set protocols ospfv3 redistribute <protocol> metric-type [1|2]

  • Support for 802.1ad VLAN filtering (T6125):

      set interfaces bridge <bridge> protocol 802.1ad

  • All AS numbers can be excluded from a route's AS path (T6129):

      set policy route-map <name> rule <rule> set as-path exclude all

  • MTU size can be specified for traffic policy limiters (T1871):

      set qos policy limiter <limiter> default mtu <n>
  set qos policy limiter <limiter> class <class> mtu <n>

  • Checks to see if the nexthop is connected on the eBGP session can be disabled now (T6010):

      set protocols bgp parameters disable-ebgp-connected-route-check

  • Addresses can be excluded from VRRP advert packets per interface (T5832):

      set high-availability vrrp group <group> excluded-address <address> interface <interface>

  • New RTSP conntrack helper (T4022):

      set system conntrack modules rtsp
  set service conntrack-sync expect-sync rtsp

  • Logging can be disabled for the conntrack service (T6057):

      set service conntrack-sync disable-syslog

  • HTTPS server request body size limit can be manually set (T6107):

      set service https request-body-size-limit <1-256>

  • It is now possible to disable CPU power saving (T2447):

      set system option kernel disable-power-saving

  • System timezone can be set from the CLI (T6121):

      set system time-zone <timezone>

  • The scope of the config-sync service was greatly extended. See the pull requests (#1, #2) for the specifics (T6121).

New commands

  • Support for LUKS encryption with TPM. See the pull request for the specifics (T4919):

      encryption enable
  encryption disable
  encryption load

  • commit-archive update can now be manually triggered (T6133):

      force commit-archive

  • JSON output for container configuration (T6161):

      show container json
  show container image json
  show container network json

  • DHCPv6 lease clear command consistent with its IPv4 counterpart (T6102):

      clear dhcpv6-server lease <lease>

Other changes

  • The ability to disable Energy Efficient Ethernet was temporarily removed due to problems with non-compliant cards (T6152).

That's all for now, but stay tunes for updates, as always!
View full post