VyOS Networks Blog

Building an open source network OS for the people, together.

VyOS Project July 2025 Update

Daniil Baturin
Posted 6 Aug, 2025

Hello, Community!

This month's update looks small — just a few small features and a bunch of bug fixes. One reason is the vacation season, of course. Some people (namely, I and Yuriy) went to DebConf 2025 rather than a vacation, where we heard a lot of interesting talks and had productive conversations with Debian developers — the biggest thing is that we will likely be able to contribute our improvements to live-build back to upstream which is great

The other reason is that there are lots of big developments in-progress that do not have visible effects yet, including an operational mode rework that will open up a pathway to operator-level user access controls; the ongoing work on rewriting the configuration backend; VPP support for VRRP, sFlow support for VPP, and BRAS protocols.

Contributor license agreement

You might have noticed that new PRs now require contributors to sign a contributor license agreement — signing is done by leaving a comment in the PR itself, so no complicated process there.

That agreement is a more or less exact copy of the agreement used by the Linux Foundation. The main point is that you certify that you have the right to distribute the code in question, are not infringing anyone else's rights, and are ready to give us the right to use the code.

New features

  • Add no-split-gso and ack-filter for CAKE (T7589).
  • Support PROXY protocol for haproxy: set load-balancing haproxy service <name> listen-address <addr> accept-proxy (T7595).
  • IKEv2 retransmission options: set vpn ipsec options retransmission <attempts ...|base ...|timeout ...> (T7504).
  • SRv6 uSID IS-IS capability: set protocols isis segment-routing srv6 locator <locator> (T7639).

Bug fixes

  • Fixed a uuidgen warning if DMI doesn't have product_serial or it empty (T7587).
  • Fixed the WAN load balancer default SNAT behaviour (T7584).
  • Call libvyosconfig functions from the main thread under http-api (T7588).
  • service monitoring prometheus No longer tries to stop unconfigured services (T7528).
  • Command 'show vpn debug peer <peer_name>' works correctly again (T7545).
  • show wan-load-balance command was briefly broken but now works correctly again (T7622).
  • WAN load balancer no longer erroneously enables packet rate limits (T7625).
  • Fix regression in vyos-load-config: allow load without argument to load default (T7627).
  • Trying to configure config encryption in a live CD now correctly causes an error (T4919).
  • Configuration encryption now works without a hardware TPM (T7628).
  • MSS clamping is now correctly applied on VRF interfaces (T5797).
  • Fixed a memory leak in vyos.airbag (T6704)
  • Fixed a missing import and an incorrect check in NAT64 (T7645).
  • Fix the output command of "show vpn ipsec connection" for passthrough tunnels (T7489).
  • VPP configuration no longer requires a second reboot after upgrade (T7649).
  • protocol all works correctly in IPsec again (T7581).
  • IPSec traffic selectors without prefixes work correctly again (T7593).
  • QAT configuration no longer erroneously declares virtual function C62x devices unsupported (T7662).

Internal changes

  • Add support for standalone behavior and virtual tag nodes to the op mode cache generator (T7580).
  • Config merging is now implemented in VyConf (T7499).
  • Add a test for DHCP default route with VRF (T7623).
  • Set up a linter check to check complete files for syntax errors and missing imports (T7648).
The post categories: ipsec vpp 1.5 load balancing

Comments

Blog Categories

RSS Feed arrow
See All Categories