VyOS Networks Blog

Building an open source network OS for the people, together.

VyOS Project December 2024 Update

Daniil Baturin
Posted 30 Dec, 2024

Hello, Community!

The December update is here! The biggest highlight of this month is the 1.4.1 release, but there was lots of work in the rolling release as well, both from the maintainers team and from our contributor community. One of the biggest pieces of news in the rolling release is that we are ready to update FRR — our routing protocol stack — to the latest 10.2 release. Among other things, that will allow us to get rid of the legacy OpenNHRP daemon that we use for DMVPN and use FRR's built-in NHRP implementation instead.

Apart from that, there are many more bug fixes and improvements made in November and December, especially in QoS, IPoE server, and other areas — read on for details!

New features and improvements

  • It is now possible to statically assign IP addresses to IPoE server users: set service ipoe-server authentication interface <intf> mac <MAC address> static-ip <IP> (T6628).
  • It is now possible to specify name servers for containers: set container name <name> name-server <address> (T6927).
  • A command for setting MTU for container networks: set container network <name> mtu <value> (T6884).
  • The set pki certificate my-test-cert acme listen-address command now supports IPv6 addresses (T6368).
  • Zabbix agent CLI allows configuring pre-shared authentication keys now (T6934):
    set service monitoring zabbix-agent authentication mode pre-shared-secret
    set service monitoring zabbix-agent psk id '<name>'
    set service monitoring zabbix-agent psk secret '<secret>'
  • QoS class matching policies now support Ethernet parameters (T6874).
  • PPPoE server can listen on both the base interface and its VLANs when the combined option is set: set service pppoe-server interface <intf> combined (T6936).
  • IPoE session start is configurable now: set service ipoe-server interface eth1 start-session <dhcpv4|unclassified-packet> (T6906).
  • Lua script support for IPoE server (T6872):
    set service ipoe-server lua-file <path_to_lua_file>
    set service ipoe-server interface eth1 lua-username <username_func>
  • SSH server now supports configuring trusted CA certificates: set service ssh trusted-user-ca-key (T6013).
  • It is now possible to set Ethernet interfaces to switchdev mode to enable offload: set interfaces ethernet <intf> switchdev (T6944).
  • mDNS repeater cache entries limit is now configurable: set service mdns repeater cache-entries <number> (T6908).
  • Support for base64-encoded IPsec secrets (already included in 1.4.1, T264).
  • WireGuard interfaces can be created without peer settings now (T6490).
  • It is possible to specify more than one tuning profile in set system options performance (T3501).
  • New op mode command run show dhcpv6 server statistics (T6852).

Bug fixes

  • RPS offload now works on CPUs with more than 32 cores (T6917).
  • Fixed an issue with CAKE QoS policy flow isolation parameters (T6790).
  • add system image latest vrf <VRF> correctly respects the VRF argument now (T6767).
  • The distance for routes received from PPPoE servers is now correctly set to 1 (T6863).
  • Bridge firewalls now accept PPPoE session traffic — for now as a special case, but later the list of protocols whose connections are never considered invalid will be a configurable option (T6918).
  • Local system accounts associated with daemons are no longer incorrectly included in TACACS+ authorization (T6613).
  • Fixed an issue in the dynamic DNS config syntax migration script (T6950).
  • Fixed an issue with missing leases in the output of run show dhcp server leases (T5992).
  • USB console devices are correctly recognized in udev rules again (T6985).
  • Fixed a GeoIP rules scheduled update issue (T6986).
  • Fixed an issue with excessive sudo log messages (T6926).
  • It is now possible to create multiple routes to the same destination with different dhcp-interface options (T4214).
  • run show bridge vni works correctly now (T6770).
  • Attempts to create static multicast routes no longer cause script errors (T6920).
  • Fixed a bug with system CA installation (T6809).
  • Fixed an unhandled exception in the shaper-hfsc QoS policy script (T6806).
  • The conntrack logging service is now correctly stopped when its configuration is deleted (T6878).
  • Fixed a race condition in the DHCP server configuration code (T6876).
  • Fixed broken rate-control QoS policy configuration (T6801).
  • Fixed an issue with duplicate QoS filters (T6795).
  • Fixed broken round-robin QoS policy (T6802).
  • Fixed an issue with static-route option that could prevent DHCP server from starting (T6031).
  • Fixed an issue with configuring Xen virtual NICs (T6764).

That's all for now, but stay tuned for updates — there is more news to come soon!
