Hello, community!
We constantly develop VyOS, even if we don't always share updates. Currently, we're focused on the 1.3.3 LTS release, which should be out these days
In the meantime, here's a summary of what's been happening in the project lately.
set high-availability vrrp global-parameters startup-delay <seconds>
set vpn pptp remote-access authentication radius rate-limit enable
set vpn pptp remote-access authentication radius rate-limit attribute <id>
set vpn pptp remote-access authentication radius rate-limit vendor <dict>
set vpn pptp remote-access authentication radius rate-limit multiplier <n>
As of this May, all Vyatta-era legacy CLI definitions have been rewritten in the modern Python/XML format. The sole exception is cluster, which we will not rewrite — we discovered that all functionality that the Heartbeat-based clustering component used to provide is now available in Keepalived, so we will convert all cluster configs to VRRP using a migration script instead.
Complete conversion to the new style will open up many possibilities, including auto-generated command reference, commit dry-run, and more.
In addition, this month saw the addition of many new features.
wpa_supplicant
package no longer allows TLS v1.0 or v1.1 connections. VyOS now overrides that behavior for the sake of maintaining legacy EAP-TLS setups. (T5151)To completely disable IKE rekeying, you can now set the lifetime to zero:
set vpn ipsec ike-group IKE lifetime 0
show vpn ipsec remote-access <summary|detail|connection-id|username>
ddclient
cache format. (T5144)It is now formatted as a table with per-host dual-stack information in rows. Time of last update is displayed in local time instead of UTC.
show <ip|ipv6> bgp neighbors <address> filtered-routes
show bgp vni [<n>|all] type [1|2|3|ead|macip|multicast] show bgp vni [<n>|all] vtep <address>
set protocols failover route <subnet> next-hop <address> check policy [all-available|any-available]
set protocols failover route <subnet> next-hop <address> check target <address>
set protocols static route <address> next-hop <address> bfd profile <name>
set protocols static route <address> next-hop <address> bfd multi-hop source <address> profile <name>
set protocols static table <n> [route|route6] <address> bfd profile <name>
set protocols static table <n> [route|route6] <address> bfd multi-hop source <address> profile <name> show bfd static routes
set protocols [isis|ospf] ldp-sync
set protocols [isis|ospf] ldp-sync holddown <n> set protocols [isis|ospf] interface <name> ldp-sync holddown <n>
auditd
(T5142)The audit logs can be displayed with a new command: show log audit
.
set system login max-login-session 2
The command is the same:
show tech-support report
However, it was rewritten from shell to Python for ease of maintenance and the output format was also improved.
The conf-mode syntax for Zebra routing filters has been updated for internal consistency. (Your existing config will be automatically migrated with the update.) It is now possible to filter for BGP IPv6 routes, static routes and connected routes with the new syntax:
set system ip protocol <any|babel|bgp|connected|eigrp|isis|kernel|ospf|rip|static|table> route-map <name>
set system ipv6 protocol <any|babel|bgp|connected|eigrp|isis|kernel|ospfv3|rip|static|table> route-map <name>
Stay tuned for the next month's update for even more features like VRF support for Syslog and more!