1.3 Eqquleus
1.3.9 (future release)
Bug fixes
T5926
IPSEC does not apply after l2tp configuration was changed
Other resolved issues
T1311
WAN load-balancing can't flush connections when conntrack-sync is enabled
1.3.8 (25th June 2024)
Bug fixes
1.3.7 (13th May 2024)
Security
T6324
CVE-2024-2961
New features and improvements
T1244
Add support for StartupResync in conntrack-sync
T5364
Make it possible to set the PADO delay to 0
T5418
Allow arbitrary subnets in PPPoE client IP pools
T5504
Make it possible to set more than one peer-address in unicast VRRP
T6057
Add ability to disable syslog for conntrackd
Bug fixes
T1751
DNS server addresses from DHCPv6 are not added to resolv.conf
T1976
deleting address-family under neighbor will disable neighbor
T2044
RPKI doesn't boot properly
T2113
OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping
T2279
Router resolves as 127.0.1.1 when using Router's Recursive DNS
T2590
DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c
T2612
HTTPS API, changing API key fails but goes through
T2801
conntrack-tools flooding logs
T2998
SNMP v3 oid "exclude" option doesn't work
T3437
BGP Confederation Addition Causes Error
T3992
Unhandled exception when trying to add an interface with an assigned address to a bridge
T4270
When "ignore-hosts-file" is unset, local hostname of the router resolves to 127.0.1.1 in the DNS forwarding service
T4453
dhclient fails to renew DHCP lease with VRF
T5239
Host name and domain name missing from the FRR configuration
T5982
Isolated interfaces smoketest fail
T6004
Missing RPKI boot priority prevents it from loading
T6056
Applying 'system static-host-mapping' command calls unnecessary snmpd restart
T6088
Configuration corrupted after saving and powercut or force reboot
T6096
Config commits are not synced properly because 00vyos-sync is deleted by vyos-router
T6110
Insufficient validation of range option with failover in DHCP server
T6124
Docker equuleus build image doesn't build due to fpm
T6141
Trying to set PADO delay in PPPoE server without also configuring the session options causes a commit failure
T6150
Impossible to set a static IP address via RADIUS in IPoE
T6193
dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces
T6196
route-map and summary-only do not work in BGP aggregation at the same time
T6243
Update vyos-http-api-tools for package idna security advisory
Other resolved issues
1.3.6 (14th February 2024)
Security
T5318
Security Vulnerabilities for VyOS 1.3.3
Configuration syntax changes (automatically migrated)
T2060
source-validation will be configured at different locations and could lead to massive confusion
T2289
Denest cerbot certificate configuration from service https
New features and improvements
T1929
ipset in firewall
T2060
source-validation will be configured at different locations and could lead to massive confusion
T2116
Processing configuration via Cloud-init User-Data
T2191
Using tallow to block sshd probes
T2289
Denest cerbot certificate configuration from service https
T3039
Resize a root partition and filesystem automatically during deployment in virtual environments
T4039
Rsyslog to use 'protocol23format' for protocol UDP
T4078
A hybrid of "network-group" and "address-group".
T5182
Update Intel ice driver
T5187
Update Realtek r8152 driver
T5275
Add op mode commands for exporting certificates to PEM files with correct headers
T5796
Openconnect - HTTPS security headers are missing
Bug fixes
T117
Cannot install from ISO via serial console on ttyS1
T1925
DMVPN is always listed as down in "show vpn ipsec sa"
T2085
Building some packages with vyos-build no longer works for Equuleus/current
T2163
Disabled vif interface with "address dhcp" requests DHCP address
T2404
Cannot change MTU
T2509
No inotify notifications from /
T2574
wan-load-balance snat bug and route problem
T2793
compare + TAB completion does not show proper username if user contains _
T2837
make-version-file executed too early during build process
T3154
route-map CLI allows 32-bit ASNs in community options even though FRR doesn't
T3980
vrrp transition-script validator makes warning fatal and also causes a python NameError exception
T4062
VRRP IPSEC-AH : sequence number xxxxxxx already processed. Packet dropped. Local(xxxxxxx)
T4566
Cannot log in on serial console on Equuleus v1.3.1
T4752
ICMP redirects not working / not properly configured
T4760
VyOS does not support running multiple instances of DHCPv6 clients
T4990
Commit results may not be properly saved if power is cut immediately after a successful commit
T5180
initramfs-tools ignores firmware from updates directory
T5543
Fix source address handling in static joins
T5625
"restart vpn" does not work if ipsec-interfaces is not set
T5739
Password recovery does not work if public keys are configured
T5800
HTTPS API unavailable after delete VRF
T5852
Reboots fail with eapol WAN interface
T5914
CVE-2023-48795 - Terrapin vulnerability
T5924
Build cannot pass the smoketest dialup-router-medium-vpn
T5967
Multi-hop BFD connections can't be established; please add minimum-ttl option.
T6017
Update vyos-http-api-tools for security advisory
Other resolved issues
T922
OSPF - Process Crash after peer reboot
T1297
Add GARP settings to VRRP/keepalived
T1369
GCP Networking Failure
T1500
Slow boot/load and CLI response times
T1667
Add a tool for automatically importing old style command definitions into XML
T1671
rewrite udev script logic /lib/udev/vyatta_net_name
T1981
Allow route-map 'set src' to reference both IPv4 and IPv6
T2223
convert operational show interfaces to python/XML
T2353
Interface [conf_mode] errors parent task
T2431
Python validators are slow
T2452
Serial console related issues
T2546
The root task for rewriting [op-mode] to XML
T2579
The root task for VRF features
T2655
ConfigError formatting issue
T2720
Rework vyos.template Python module to make future extension easier
T2755
Requirements for partial interface setup
T2799
VyOS Certificates Manager
T3191
PAM RADIUS freezing when accounting does not configured on RADIUS server
T3348
dhcpd: Can't create new lease file: Permission denied
T3403
Error on interrupting list of pppoe sessions
T3513
Attempting to remove firewall rule results in error
T3688
Fail to save configuration via scp/sftp
T3737
openvpn-option needs to be able to support quotes as since openvpn 2.4.
T3813
Some custom sysctl parameters can't be applied bug
T4222
Support for TWAMP as round-trip metric
T4646
USB serial output console does not work
T5274
Add a deprecation warning for OpenVPN site-to-site with pre-shared secret
T5714
IPSec VPN: op-mode: "show log vpn" does not show results
T5715
IPSec VPN: restart vpn is not working
T6014
Bump keepalived version
T6249
ISO builder fails because of changed buster-backport repository
1.3.5 (15th December 2023)
Configuration syntax changes (automatically migrated)
T2139
openvpn: allow "dh-file none" to disable DH for ECDH keys
New features and improvements
T1118
Obsolete "utc" option in time selector in firewall
T2014
Use vendor specific NTP Pool hostname
T2139
openvpn: allow "dh-file none" to disable DH for ECDH keys
T4269
node.def generator should automatically add default values
T5213
Accel-ppp sending accounting interim updates acct-interim-interval option
T5270
Make OpenVPN `tls dh-params` optional
T5271
Add support for peer-fingerprint to OpenVPN
T5273
Add op mode commands for displaying certificate details and fingerprints
T5387
dhcp6c: add a no release option
T5576
Add bgp remove-private-as all option
T5586
Disable by default SNMP for Keepalived VRRP
T5630
pppoe: allow to specify MRU in addition to already configurable MTU
T5661
Add show show ssh dynamic-protection attacker and show log ssh dynamic-protection
Bug fixes
T305
loadbalancing does not work with one pppoe connection and another connection of either dhcp or static
T971
authentication public-keys options quoting issue
T1012
vyos-build configure script should check /etc/issue to avoid confusion
T2051
Throughput anomalies
T2250
vyos-build "make iso" error if configure was ran outside of the docker container
T3020
The "scp" example is wrong in the bash-completion for "set system config-management commit-archive location"
T3045
Changes to Conntrack-Sync don't apply correctly (Mutlicast->UDP)
T3940
DHCP client does not remove IP address when stopped by the 02-vyos-stopdhclient hook
T4146
Nginx should not listen on port 80
T4328
Large MTU on 1.3.1-S1
T4402
OpenVPN client-ip-pool option is broken
T4601
dhcp : relay agent IP address issue.
T4776
NVME storage is not detected properly during installation
T5223
tunnel key doesn't clear
T5235
SSH keys with special characters cannot be applied via Cloud-init
T5402
VRRP router with rfc3768-compatibility sends multiple ARP replies
T5413
Deny the opportunity to use one public/private key pair on both wireguard peers.
T5486
Service dns dynamic cannot pass the smoketest
T5669
VXLAN interface changing port does not work
T5670
bridge: missing member interface validator
T5763
Fix imprecise check for remote file name in vyos-load-config.py
T5777
frr: backport and upstream recent bgpd daemon crashes
Other resolved issues
T1276
dhcp relay + VLAN fails
T2719
Standardized op mode script structure
T3536
Unable to list all available routes
T3702
Policy: Allow routing by fwmark
T5191
Replace underscores with hyphens in command-line options generated by vyos.opmode
T5268
OpenVPN: upgrade package to 2.6 series
T5280
Update Expired keys (2023-06-08) for PowerDNS
T5578
"ikev2-reauth" description contains outdated information
T5624
Remove /etc/debian_version from the image
T5632
Add jq package to parse JSON files
T5817
Show openvpn server fails in some cases
1.3.4 (17th October 2023)
New features and improvements
T738
Add local-port and resolver port options for powerdns in CLI configuration tree
T2123
Configure 3 NTP servers
T2424
Ability to choose the direction of Mirroring
T3144
Support op-mode command to release DHCP leases
T3546
Add support for running scripts on PPPoE server session events
T4151
IPV6 local PBR Support
T4426
Add arpwatch to the image
T4475
route-map does not support ipv6 peer
T4825
interfaces veth/veth-pairs -standalone used
T5190
Cloud-Init cannot fetch Meta-data on machines where the main Ethernet interface is not eth0
T5265
WAN load-balancing: missing completion helpers
T5315
vrrp: add support for version 3
T5354
Add sshguard to protect against brut-forces for 1.3
Bug fixes
T2611
Prefix list names are shared between ipv4 and ipv6
T2908
VRF and bridge membership isn’t mutually exclusive
T2958
DHCP server doesn't work from a live CD
T3070
Firewall going OOM, possible related to nftables migration
T3098
Cannot talk to rtnetlink: Message too long Command failed -:1
T3339
Cloud-Init domain search setting not applied
T4113
Incorrect GRUB configuration parsing
T4121
Nameservers from DHCP client cannot be used in specific cases
T4407
Network-config v2 is broken in Cloud-init 22.1 and VyOS 1.3
T4412
commit archive: reboot not working with sftp
T4459
API service with VRF doesn't work in 1.3.1
T4745
CLI TAB issue with values with '-' at the beginning in conf mode
T4790
RADIUS login does not work if sum of timeouts more than 50s
T4855
Trying to create more than one tunnel of the same type to the same address causes unhandled exception
T4869
A network with `/32` or `/128` mask cannot be removed from a network-group
T4895
Tag nodes are overwritten when configured by Cloud-Init from User-Data
T5006
Http api segfault with concurrent requests
T5140
Firewall network-group problems
T5221
BGP as-override behavior differs from new FRR and other vendors
T5240
Service router-advert failed to start radvd with more then 3 name-servers
T5305
REST API configure operation should not be defined as async
T5313
UDP broadcast relay - missing verify() that relay interfaces have an IP address assigned
T5329
Wireguard interface as GRE tunnel source causes configuration error on boot
T5428
dhcp: client renewal fails when running inside VRF
T5506
Container bridge interfaces do not have a link-local address
T5524
Add config directory to liveCD
T5533
Keepalived VRRP IPv6 group enters in FAULT state
T5545
sflow is not working
T5555
Fix timezone migrator (system 13-to-14)
T5594
VRRP - Error if using IPv6 Link Local as hello source address
Other resolved issues
T469
Problem after commit with errors
T2296
Upgrade WALinux to 2.2.41
T3424
PPPoE IA-PD doesn't work in VRF
T3577
Generating vpn x509 key pair fails with command not found
T3713
Create a meta-package for user utilities
T4306
Do not check for ditry repository when building release images
T4874
Add Warning message to Equuleus
T4933
Malformed lines cause vyos.util.colon_separated_to_dict fail with a nondescript error
T5272
Upgrade OpenVPN to 2.6 in Equuleus
T5470
wlan: can not disable interface if SSID is not configured
T5557
bgp: Use treat-as-withdraw for tunnel encapsulation attribute CVE-2023-38802
1.3.3 (22th June 2023)
Security
Configuration syntax changes (automatically migrated)
T4628
ConfigTree() throws ValueError() if tagNode contains whitespaces
New features and improvements
T1024
Policy Based Routing by DSCP
T1928
Is the 'Welcome to VyOS' message when using SSH an information leak?
T1993
Extended pppoe rate-limiter
T2603
pppoe-server: reduce min MTU
T2640
Running VyOS inside Docker containers
T2769
Add VRF support for syslog
T3937
Rewrite "show system memory" in Python to make it usable as a library function
T4219
support incoming-interface (iif) in local PBR
T4575
vyos.utill add new wrapper "rc_cmd" to get the return code and output
T4683
Add kitty-terminfo package to build
T4727
Add RADIUS rate limit support to PPTP server
T4743
Enable IPv6 address for Dynamic DNS
T4785
snmp: Allow !, @, * and # in community name
T4812
IPsec ability to show all configured connections
T4898
Add mtu config option for dummy interfaces
T4922
Add ssh-client source-interface CLI option
T4947
Support mounting container volumes as ro or rw
T4948
pppoe: add CLI option to allow definition of host-uniq flag
T4949
Backport "monitor log" and "show log" op-mode definitions from current to equuleus
T4959
Add container registry authentication config for containers
T4971
Radius attribute "Framed-Pool" for PPPoE
T5033
generate-public-key command fails for address with multiple public keys like GitHub
T5098
PPPoE client holdoff configuration
Bug fixes
T2118
Failure to boot after power outage due to dirty filesystem and no fsck in initramfs
T2189
Adding a large port-range will take ~ 20 minutes to commit
T2516
vyos-container: cannot configure ethernet interface
T2838
Ethernet device names changing, multiple hw-id being added
T3852
DHCP client issue - interface has two dhclient processes when link is unpluged and then plug again
T4117
Does not possible to configure PoD/CoA for L2TP vpn
T4153
Monitor bandwidth-test initiate not working
T4177
Strip-private doesn't work for service monitoring
T4312
Telegraf configuration doesn't accept IPs for URL
T4533
Radius clients don’t have simple permissions
T4582
Router-advert: Preferred lifetime cannot equal valid lifetime in PIOs
T4628
ConfigTree() throws ValueError() if tagNode contains whitespaces
T4630
Prevent attempts to use the same interface as a source interface for pseudo-ethernet and MACsec at the same time
T4642
proxy: hyphen not allowed in proxy URL
T4648
PPPoE: Ignore default router from RA when PPPoE default-route is set to none
T4664
Add validation to reject whitespace in tag node value names
T4668
Adding/removing members from bond doesn't work/results in incorrect interface state
T4671
linux-firmware package is missing symlinks defined in WHENCE file
T4679
OpenVPN site-to-site incorrect check for IPv6 local and remote address
T4680
Telegraf prometheus-client listen-address invalid format
T4702
Wireguard peers configuration is not synchronized with CLI
T4709
TCP MSS clamping broken in equuleus
T4730
Conntrack-sync error - listen-address is not the correct type in config as it should be
T4737
FRRouting/zebra 7.5.1 does not redistribute routes to other protocols
T4799
PowerDNS >= 4.7 does not get reloaded by vyos-hostsd
T4872
Op-mode show openvpn misses a case when parsing for tunnel IP
T4884
Missing a community6 in snmpd config
T4896
ospfv3: Fix broken not-advertise option
T4902
snmpd: exclude container storage from monitoring
T4918
Odd show interface behavior
T4939
VRRP command no-preempt not work as expected
T4955
Openconnect radiusclient.conf generating with extra authserver
T4975
CLI does not work after cutting off the power or reset
T4978
KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536
T4992
Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set
T4993
Can't delete conntrack ignore rule
T5009
op-mode command: restart dhcp relay-agent not working
T5011
Some interface drivers don't support min_mtu and max_mtu and verify_mtu check should be skipped
T5017
Bug with validator interface-name
T5047
Recreate only a specific container
T5066
Different GRE tunnel but same tunnel keys error
T5136
Possible config corruption on upgrade
T5152
Telegraf agent hostname isn't qualified
T5175
http-api: error in MultiPart parser for FastAPI version >= 0.91.0
T5176
http-api: update vyos-http-api-tools for FastAPI security vulnerability
T5186
QoS test cannot pass for 1.3
Other resolved issues
T1288
FRR: rewrite staticd backend (/opt/vyatta/share/vyatta-cfg/templates/protocols/static/*)
T1875
Add the ability to use network address as BGP neighbor (bgp listen range)
T2913
Failure to install fpm while building builder docker image
T3083
Add feature event-handler
T3608
Standardize warnings from configure scripts
T3810
webproxy squidguard rules don't work properly after rewriting to python.
T4122
interface ip address config missing after upgrade from 1.2.8 to 1.3.0 (when redirect is configured?)
T4262
install image doesn't respect chosen root partition size
T4381
OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command
T4511
IPv6 DNS lookup
T4625
Update ocserv to current revision (1.1.6)
T4652
Upgrade PowerDNS recursor to 4.7 series
T4798
Migrate the file-exists validator away from Python
T4832
dhcp: Add IPv6-only dhcp option support (RFC 8925)
T4875
Replace Python validator 'interface-name' to avoid Python startup cost
T4900
Cache intermediary results of get_config_diff in Config instance
T4906
ipsec connections shows only one connection as up
T4925
Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2
T4999
vyos.util backport dict_search_recursive
T5007
Interface multicast setting is invalid
T5008
MACsec CKN of 32 chars is not allowed in CLI, but works fine
T5111
pppd-dns.service startup failed
T5243
Default route is inactive if an interface has multiple ip addresses of the same subnet in 1.3.2 Equuleus
1.3.2 (7th November 2022)
New features and improvements
T1375
Add clear dhcp server lease function
T2580
Support for ip pools for ippoe
T2683
no dual stack in system static-host-mapping host-name
T2763
New SNMP resource request - SNMP over TCP
T3318
Update Linux Kernel to v5.4.208 / 5.10.142
T3785
Add unicode support to configtree backend
T4260
Extend vyos.configdict.node_changed() to support recursiveness
T4315
Telegraf - Output to prometheus
T4336
isis: add support for MD5 authentication password on a circuit
T4346
Deprecate "system ipv6 disable" option to disable address family within OS kernel
T4373
PPPoE-server add multiplier option for shaper
T4395
Extend show vpn debug
T4421
Add support for floating point numbers in the numeric validator
T4442
HTTP API add action "reset"
T4456
NTP client in VRF tries to bind to interfaces outside VRF, logs many messages
T4489
MPLS sysctl not persistent for tunnel interfaces
T4507
IPoE-server add multiplier option for shaper
T4509
Feature Request: DNS64
T4515
Reduce telegraf binary size
T4522
bond: add ability to specify mii monitor interval via CLI
T4584
hostap: create custom package build
T4614
OpenConnect split-dns directive
T4647
Add Google Virtual NIC (gVNIC) support
Bug fixes
T2194
"show firewall" garbled output
T2654
Multiple names unable to be assigned to the same static mapping
T3507
Bond with mode LACP show u/u in show interfaces even if peer is not configured
T3714
Some sysctl custom parameters disappear after reboot
T4206
Policy Based Routing with DHCP Interface Issue
T4230
OpenVPN server configuration deleted after reboot when using a VRRP virtual-address
T4294
Adding a new openvpn-option does not restart the OpenVPN process
T4313
"generate public-key-command" throws unhandled exceptions when it cannot retrieve the key
T4319
The command "set system ipv6 disable" doesn't work as expected.
T4324
wwan: check alive script should only be run via cron if a wwan interface is configured at all
T4330
MTU settings cannot be applied when IPv6 is disabled
T4331
IPv6 link local addresses are not configured when an interface is in a VRF
T4337
isis: IETF SPF delay algorithm can not be configured - results in vyos.frr.CommitError
T4338
wwan: changing interface description should not trigger reconnect
T4339
wwan: tab-completion results in "No such file or directory" if there is no WWAN interface
T4341
login: disable user-account prior to deletion and wait until deletion is complete
T4350
DMVPN opennhrp spokes dont work behind NAT
T4354
Slave interfaces fall out from bonding during configuration change
T4361
`vyos.config.exists()` does not work for nodes with multiple values
T4363
salt-minion: default mine_interval option is not set
T4366
geneve: interface is removed on changes to e.g. description
T4369
OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node
T4388
dhcp-server: missing constraint on tftp-server-name option
T4405
DHCP client sometimes ignores `no-default-route` option of an interface
T4441
wwan: connection not possible after a change added after 1.3.1-S1 release
T4447
DHCPv6 prefix delegation `sla-id` limited to 128
T4468
web-proxy source group cannot start with a number bug
T4510
set system static-host-mapping doesn't allow IPv4 and IPv6 for same name.
T4513
Webproxy monitor commands do not work
T4521
bond: ARP monitor interval is not configured despite set via CLI
T4525
Delete interface from VRF and add it to bonding error
T4527
Prevent to create VRF name default
T4532
Flow-accounting IPv6 server/receiver bug
T4534
bond: bridge: error out if member interface is assigned to a VRF instance
T4537
MACsec not working with cipher gcm-aes-256
T4538
Macsec does not work correctly when the interface status changes.
T4565
vlan aware bridge not working with - Kernel: T3318: update Linux Kernel to v5.4.205 #249
T4572
Add an option to force interface MTU to the value received from DHCP
T4579
bridge: can not delete member interface CLI option when VLAN is enabled
T4592
macsec: can not create two interfaces using the same source-interface
T4616
openconnect: KeyError: 'local_users'
T4618
Traffic policy not set on virtual interfaces
T4632
VLAN-aware bridge not working
T4653
Interface offload options are not applied correctly
T4666
EAP-TLS no longer allows TLSv1.0 after T4537, T4584
Other resolved issues
1.3.1 (21th March 2022)
Security
T4204
Update Accel-PPP to a newer revision
T4310
CVE-2022-0778: infinite loop in OpenSSL certificate parsing
T4311
CVE-2021-4034: local privilege escalation in PolKit
Configuration syntax changes (automatically migrated)
T1972
Allow setting interface name for virtual_ipaddress in VRRP VRID
T4273
ssh: Upgrade from 1.2.X to 1.3.0 breaks config
New features and improvements
T1972
Allow setting interface name for virtual_ipaddress in VRRP VRID
T2400
OpenVPN: dont restart server if no need
T2764
Increase maximum number of NAT rules
T3164
console-server ssh does not work with RADIUS PAM auth
T3299
Allow the web proxy service to listen on all IP addresses
T3854
Missing op-mode commands for conntrack-sync
T3872
Add configurable telegraf monitoring service
T4055
Add VRF support for HTTP(S) API service
T4100
Firewall increase maximum number of rules
T4120
[VXLAN] add ability to set multiple unicast-remotes
T4128
keepalived: Upgrade package to add VRF support
T4261
MACsec: add DHCP client support
Bug fixes
T2922
The `vpn ipsec logging log-modes` miss the IPSec daemons state check
T3380
"show vpn ike sa" does not display IPv6 peers
T3686
Bridging OpenVPN tap with no local-address breaks
T3914
VRRP rfc3768-compatibility doesn't work with unicast peers
T3924
VRRP stops working with VRF
T4002
firewall group network-group long names restriction incorrect behavior
T4081
VRRP health-check script stops working when setting up a sync group
T4087
IPsec IKE-group proposals limit of 10 pieces
T4092
IKEv2 mobike commit failed with DMVPN nhrp
T4093
SNMPv3 snmpd.conf generation bug
T4101
commit-archive: Use of uninitialized value $source_address in concatenation
T4104
RAID1: "add raid md0 member sda1" does not restore boot sector
T4110
[IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0
T4141
Set high-availability vrrp sync-group without members error
T4142
Input ifbX interfaces not displayed in op-mode
T4152
NHRP shortcut-target holding-time does not work
T4154
Error add second gre tunnel with the same source interface
T4165
Custom conntrack rules cannot be deleted
T4168
IPsec VPN is impossible to restart when DMVPN is configured
T4183
IPv6 link-local address not accepted as wireguard peer
T4184
NTP allow-clients address doesn't work it allows to use ntp server for all addresses
T4191
Lost access to host after VRF re-creating
T4196
DHCP server client-prefix-length parameter results in non-functional leases
T4203
Reconfigure DHCP client interface causes brief outages
T4226
VRRP transition-script does not work for groups name which contains -(minus) sign
T4228
bond: OS error thrown when two bonds use the same member
T4233
ssh: sync regex for allow/deny usernames to "system login"
T4234
Show firewall partly broken in 1.3.x
T4237
Conntrack-sync error - error adding listen-address command
T4240
Cannot add wlan0 to bridge via configure
T4241
ocserv openconnect looks broken in recent bulds of 1.3 Equuleus
T4242
ethernet speed/duplex can never be switched back to auto/auto
T4258
[DHCP-SERVER] error parameter on Failover
T4259
The conntrackd daemon can be started wrongly
T4263
vyos.util.leaf_node_changed() dos not honor valueLess nodes
T4264
vxlan: interface is destroyed and rebuild on description change
T4267
Error - Missing required "ip key" parameter
T4273
ssh: Upgrade from 1.2.X to 1.3.0 breaks config
T4297
Interface configuration saving fails for ice/iavf based interfaces because they can't change speed/duplex settings
T4377
generate tech-support archive includes previous archives
Other resolved issues
1.3.0 (21th December 2021)
Breaking changes
T3350
OpenVPN config file generation broken
T3866
Configs with DNS forwarding listening on OpenVPN interfaces or interfaces without a fixed address cannot be migrated to the new syntax
Configuration syntax changes (automatically migrated)
T2162
migration script for router-advert sets link-mtu 0 on bridge interfaces
T2691
Upgrade from 1.2.5 to 1.3-rolling-202007040117 results in broken config due to case mismatch
T3293
RPKI migration script errors out after CLI rewrite
New features and improvements
T3704
Add ability to interact with Areca RAID adapers
T3745
op-mode IPSec show vpn ipse sa sorting
T3912
Use a more informative default post-login banner
T3945
Add route-map for bgp aggregate-address
T3971
Ability to build ISO images for XCP-NG hypervisor
T4012
Add VRF support for TFTP
T4013
Add pkg cloudwatch for AWS images
T4046
Sflow - Add Source address parameter
T4049
support command-style output with compare command
T4082
Add op mode command to restart ldpd
T4084
Dehardcode the default login banner
Bug fixes
T1624
Failed to set up config session
T1710
[equuleus] buster: add patch to fix live-build missing key error
T1847
set_level incorrectly handles path given as empty string
T1876
IPSec VTI tunnels are deleted after rekey and dangling around as A/D
T2009
Ethernet Interface always stays down
T2022
When RADIUS config is active, local logins won't work
T2082
WireGuard broken after merging T2057
T2158
Commit fails if ethernet interface doesn't support flow control (pause)
T2162
migration script for router-advert sets link-mtu 0 on bridge interfaces
T2164
Package libstrongswan-standard-plugins missing from image
T2167
vyos.ifconfig.get_mac() broken
T2176
'WiFiIf' object has no attribute 'set_state'
T2177
Commit fails on adding disabled interface to bridge
T2241
Changing settings on an interface causes it to fall out of bridge
T2273
OpenVPN no longer starts in latest rolling, migrate to systemd
T2283
openvpn not starting: ccd path in template not moved to /run/openvpn/ccd
T2293
OpenVPN: UnboundLocalError after merging server_network PullRequest
T2318
dns-forwarding migration script breaks with invalid interface name
T2337
hw-id gone missing from interfaces after upgrade to 1.3-rolling-202004191028
T2427
Interface addressing broken since fix for T2372 was merged
T2466
live-build encounters apt dependency problem when building with local packages
T2578
ipaddrcheck unaware of /31 host addresses - can no longer assign /31 mask to interface addresses
T2600
RADIUS system login configuration rendered wrongly
T2624
Serial Console: fix migration script for configured powersave and no console
T2642
sshd fails to start due to configuration error
T2678
High RAM usage on SSH logins with lots of IPv6 routes in the routing table.
T2682
VRF aware services - connection no longer possible after system reboot
T2691
Upgrade from 1.2.5 to 1.3-rolling-202007040117 results in broken config due to case mismatch
T2746
IPv6 link-local addresses not configured
T2758
router-advert: 'infinity' is not a valid integer number
T2886
RADIUS authentication broken only returns operator level
T2894
bond: lacp: member interfaces get removed once bond interface has vlans configured
T2952
configd: timeout breaks synchronization of messages, causing freeze
T3208
Does not possible to change user password
T3350
OpenVPN config file generation broken
T3370
dhcp: Invalid domain name "private"
T3699
login: verify selected "system login user" name is not already used by the base system.
T3707
Ping incorrect ip host checks
T3822
OpenVPN processes do not have permission to read key files generated with `run generate openvpn key`
T3866
Configs with DNS forwarding listening on OpenVPN interfaces or interfaces without a fixed address cannot be migrated to the new syntax
T3886
DHCP server can not start
T3887
Removal of IPv6 BGP-peer with peer-group may trigger problems
T3913
VRF traffic fails after upgrade from 1.3.0-RC6 to 1.3.0-EPA1/2
T3934
Openconnect VPN broken: ocserv-worker general protection fault on client connect
T3962
Image cannot be built without open-vm-tools
T3972
Removing vif-c interface raises KeyError
T4015
Update Accel-PPP to a newer revision
T4019
Smoketests for SSTP and openconnect fails
T4033
VRRP - Error security when setting scripts
T4035
Geneve interfaces aren't displayed by operational mode commands
T4052
Validator return traceback on VRRP configuration with the script path not in config dir
T4053
VRRP impossible to set scripts out of the /config directory
T4167
DMVPN apply wrong param on the first configuration
T4201
Firewall - ICMPv6 matches not working as expected on 1.3.0
T4268
Elevated LA while using VyOS monitoring feature
T4296
Interface config injected by Cloud-Init may interfere with VyOS native
T4344
DHCP statistics not matching, conf-mode generates incorrect pool name with dash
T4571
Sflow with vrf configured does not use vrf to validate agent-address IP from vrf-configured interfaces
Other resolved issues
T1497
"set system name-server" generates invalid/incorrect resolv.conf
T1606
Rolling release no longer boots after adding hostname daemon
T1676
[equuleus] buster: update GRUB boot parameters during upgrade
T2129
XML schema: tagNode not allowed on first level in new XML op-mode definition
T2389
BGP community-list unknown command
T2722
get_config_dict() and key_mangling=('-', '_') will alter CLI data for tagNodes
T3182
Main blocker Task for FRR 7.4/7.5 series update
T3293
RPKI migration script errors out after CLI rewrite
T3302
Make vyos-configd relay stdout from scripts to the user's console
T3687
IS-IS is missing IPv6 support
T3689
static ipv6 route doesn't deleted in some cases
T3695
OpenConnect reports commit success when ocserv fails to start due to SSL cert/key file issues
T3697
Impossible to delete IPsec completely
T3711
service router-advert interface <name> dnssl option has no effects
T3725
show configuration in json format
T3735
Configuration with multiple network addresses of firewall network-group via colud-init fails
T4065
IPSEC configuration error: connection to unix:///var/run/charon.ctl failed: No such file or directory
T4088
Fix typo in login banner
T4115
reboot in <x> not working as expected
T4198
Error shown on commit
1.3.0-epa3 (5th November 2021)
Configuration syntax changes (automatically migrated)
T3925
Tunnel: dhcp-interface not implemented - use source-interface instead
New features and improvements
T3927
Kernel: Enable kernel support for HW offload of the TLS protocol
T3942
Generate IPSec debug archive from op-mode
Bug fixes
T3610
DHCP-Server creation for not primary IP address fails
T3846
dmvpn configuration not reapllied after "restart vpn"
T3921
tunnel: KeyError when using dhcp-interface
T3922
NHRP: delete fails
T3925
Tunnel: dhcp-interface not implemented - use source-interface instead
T3926
strip-private does not sanitize "cisco-authentication" from NHRP configuration
T3941
"show vpn ipsec sa" shows established time of parent SA not child SA's
T3943
"netflow source-ip" prevents image upgrades if IP address does not exist locally
T3944
VRRP fails over when adding new group to master
T3954
FTDI cable makes VyOS sagitta latest hang, /dev/serial unpopulated, config system error
T3956
GRE tunnel - unable to move from source-interface to source-address, commit error
T4004
IPsec ike-group parameters are not saved correctly (after reboot)
T4034
"make xcp-ng-iso" still includes vyos-xe-guest-utilities
Other resolved issues
T3188
Tunnel local-ip to dhcp-interface Change Fails to Update
T3341
Wrong behavior of the "reset vpn ipsec-peer XXX tunnel XXX" command
T3626
Configuring and disabling DHCP Server
T3918
DHCPv6 prefix delegation incorrect verify error
T3920
dhclient exit hook script 01-vyos-cleanup causes too many arguments error
T3990
WATCHFRR: crashlog and per-thread log buffering unavailable (due to files left behind in /var/tmp/frr/ after reboot)
T4005
Feature Request: IPsec IKEv1 + IKEv2 for one peer
1.3.0-epa2 (18th October 2021)
New features and improvements
T3277
DNS Forwarding - reverse zones
T3885
dhcpv6-pd: randomly generated DUID is not persisted
T3890
dhcp(v6): provide op-mode commands to retrieve both server and client logfiles
T3899
Add support for hd44780 LCD displays
Bug fixes
T3750
pdns-recursor 4.4 issue with dont-query and private DNS servers
T3874
D-Link Ethernet Interface not working.
T3877
VRRP always enabled rfc3768-compatibility even when not specified
T3878
get_config_dict() no_tag_node_value_mangle has no effect
T3879
GPG key verification fails when upgrading from a 1.3 beta version
T3883
VRF - Delette vrf config on interface
T3893
MGRE Tunnel commit crash If sit tunnel available
T3894
Tunnel Commit Failed if system does not have `eth0`
T3904
NTP pool associations silently fail
Other resolved issues
T3422
Dynamic DNS doesn't allow zone field with cloudflare protocol
T3425
Scripts from the /config/scripts/ folder do not run on live system
T3880
EFI boot shows error on display
T3882
Upgrade PowerDNs recursor to 4.5 series
T3888
Incorrect warning when poweroff command executed from configure mode.
T3889
Migrate to journalctl when reading daemon logs
1.3.0-epa1 (30th September 2021)
Configuration syntax changes (automatically migrated)
T3672
DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output
T3779
Backport all 1.4 IS-IS features and configuration to 1.3 except VRF
T3804
cli: Migrate and merge "system name-servers-dhcp" into "system name-server"
T3842
Backport DHCP server improvements from VyOS 1.4 sagitta to 1.3 equuleus
New features and improvements
T1099
Openvpn: use config files instead of one long command.
T1154
use of local cache to build iso
T1176
FRR - BGP replicating routes
T1350
VRRP transition script will be executed once only
T3716
Linux kernel parameters ignore_routes_with_link_down- ignore disconnected routing connections
T3779
Backport all 1.4 IS-IS features and configuration to 1.3 except VRF
T3789
Add custom validator for base64 encoded CLI data
T3803
Add source-address option to the ping CLI
T3804
cli: Migrate and merge "system name-servers-dhcp" into "system name-server"
T3840
dns forwarding: Cache size should allow values > 10k
T3841
dhcp-server: add ping-check option to CLI
T3842
Backport DHCP server improvements from VyOS 1.4 sagitta to 1.3 equuleus
T3857
reboot: send wall message to all users for information
T3859
Add "log-adjacency-changes" to ospfv3 process
Bug fixes
T945
Unable to change configuration after changing it from script (vbash + script-template)
T1148
epa2 BGP peers initiate before config is fully loaded, routes leak.
T1249
multiple PBR rules can set to a single interface
T1894
FRR config not loaded after daemons segfault or restart
T2019
LLDP wrong config generation for interface 'all'
T2127
restart dhcp server reports a failure
T2161
snmpd cannot start if ipv6 disabled
T2328
dhcpv6 server not starting (disable check reversed?)
T2430
cannot delete specific route static next-hop
T2432
dhcpd: Can't create new lease file: Permission denied
T2434
Duplicate Address Detection Breaks Interfaces
T2525
OSPFv3 missing route map, not establishing
T2623
Creating sit tunnel fails with “Can not set “local” for tunnel sit tun1 at tunnel creation”
T2738
Modifying configuration in the "interfaces" section from VRRP transition scripts causes configuration lockup and high CPU utilization
T2759
validate-value prints error messages from validators that fail even if overall validation succeeds
T2800
Pseudo-Ethernet: source-interface must not be member of a bridge
T2895
VPN IPsec "leftsubnet" declared 2 times
T2920
Commit crash when adding the second mGRE tunnel with the same key
T2931
Unicode decode error causes vyos.configd service to restart
T2941
Using a non-ASCII character in the description field causes UnicodeDecodeError in configsource.py
T3076
Router reboot adds unwanted 'conntrack-sync mcast-group '225.0.0.50'' line to configuration
T3196
No NAT translations showing up
T3219
Typo in openvpn server client config for IPv6 iroute
T3601
Error in ssh keys for vmware cloud-init if ssh keys is left empty.
T3637
vrf: bind-to-all didn't work properly
T3672
DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output
T3708
isisd and gre-bridge commit error
T3731
verify_accel_ppp_base_service return wrong config error for SSP
T3738
openvpn fails if server and authentication are configured
T3740
HTTPs API breaks when the address is IPv6
T3756
VyOS generates invalid QR code for wireguard clients
T3772
VRRP virtual interfaces are not shown in show interfaces
T3773
Delete the "show system integrity" command (to prepare for a re-implementation)
T3777
adding IPv6 EUI64 address fails commit in 1.3.0-rc6
T3781
Revert the NAT implementation in 1.3 back to iptables
T3782
Ingress Shaping with IFB No Longer Functional with 1.3
T3783
"set protocols isis spf-delay-ietf" is not working
T3786
GRE tunnel source address 0.0.0.0 error
T3788
Keys are not allowed with ipip and sit tunnels
T3790
Does not possible to configure PPTP static ip-address to users
T3792
login: A hypen present in a username from "system login user" is replaced by an underscore
T3797
show interface errors with vrrp configuration
T3802
Commit fails if ethernet interface doesn't support flow control
T3805
OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface
T3806
Don't set link local ipv6 address if MTU less then 1280
T3807
Op Command "show interfaces wireguard" does not show the output
T3808
ipsec is mistakenly restarted after delete
T3816
Error after entering outbound-interface command in NAT
T3850
Dots are no longer allowed in SSH public key names
T3860
Error on pppoe, tunnel and wireguard interfaces for IPv6 EUI64 addresses
T3867
vxlan: multicast group address is not validated
Other resolved issues
T1202
Add `hvinfo` to the packages directory
T1214
Add `ipaddrcheck` to the packages directory
T1236
Update Linux Kernel
T2027
get_config_dict is failing when the configuration section is empty/missing
T2555
XML op-mode generation scripts silently discard XML nodes
T2727
Add a dotted decimal value validator
T2927
isc-dhcpd release and expiry events never execute
T3217
Save FRR configuration on each commit
T3234
multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions
T3254
Dynamic DNS status shows incorrect last update time
T3291
Fault on setting offload RPS with single-core CPU
T3362
1.3 - RC1 ifb redirect failing to commit
T3381
Change GRE tunnel failed
T3396
syslog can't be configured with an ipv6 literal destination in 1.2.x
T3431
Show version all bug
T3537
Unable to override the default OSPFv3 link cost for wireguard interface
T3634
Add op command option for ping for do not fragment bit to be set
T3683
VXLAN not accept ipv6 and source-interface options and mtu bug
T3730
op-mode conntrack-sync miss some functions
T3732
override-default helper should support adding defaultValues to default less nodes
T3768
Remove early syntaxVersion implementation
T3776
Rename FRR daemon restart op-mode commands
T3814
wireguard: commit error showing incorrect peer name from the configured name
T3819
Upgrade Salt Stack 3002.3 -> 3003 release train
T3820
PowerDNS recursor - update from 4.3 -> 4.4 to sync with current