We have just released VyOS 1.2.1. The images are available to subscribers and public clouds images submitted, and if you build an image from the Crux branch now, it will be equivalent to those images.

A number of issues have been resolved, and a small feature was added.



Resolved issues

Package updates: kernel 4.19.32, open-vm-tools 10.3, latest Intel NIC drivers.

The kernel now includes drivers for various USB serial adapters, which allows people to add a serial console to a machine without onboard RS232, or connect to something else from the router (T1326).

The collection of network card firmware is now much more extensive.

VRRP correctly uses a virtual rather than physical MAC addresses in the RFC-compliant mode (T1271).

DHCP WPAD URL option works correctly again (T1330)

Many to many NAT rules now can use source/destination and translation networks of non-matching size (T1312). If 1:1 network bits translation is desired, it’s now user’s responsibility to check if prefix length matches.

IPv6 network prefix translation is fixed (T1290).

Non-alphanumeric characters such as “>” can now be safely used in PPPoE passwords (T1308).

“show | commands” no longer fails when a config section ends with a leaf node such as “timezone” in “show system | commands” (T1305).

“show | commands” correctly works in config mode now (T1235).

VTI is now compatible with the DHCP-interface IPsec option (T1298).

“show dhcp server statistics” command was broken in latest Crux (T1277).

An issue with TFTP server refusing to listen on addresses other than loopback was fixed (T1261).

Template issue that might cause UDP broadcast relay fail to start is fixed (T1224).

VXLAN value validation is improved (T1067).

Blank hostnames in DHCP updates no longer can crash DNS forwarding (T1211).

Correct configuration is now generated for DHCPv6 relays with more than one upstream interface (T1322).

“relay-agents-packets” option works correctly now (T1234).

Dynamic DNS data is now cleaned on configuration change (T1231).

Remote Syslog can now use a fully qualified domain name (T1282).

ACPI power off works again (T1279).

Negation in WAN load balancing rules works again (T1247).

FRR’s staticd now starts on boot correctly (T1218).

The installer now correctly detects SD card devices (T1296).

Wireguard peers can be disabled now (T1225).

The issue with wireguard interfaces impossible to delete is fixed (T1217).

Unintended IPv6 access is fixed in SNMP configuration (T1160).

It’s now possible to exclude hosts from the transparent web proxy (T1060).

An issue with rules impossible to delete from the zone-based firewall is fixed (T484).

Script profiling support

Sometimes commits are slow, and we would like every such case to be reported, but finding the bottlenecks can be a real hassle. To simplify it, we have added rudimentary support for commit script profiling to the development branch, and now it’s backported to 1.2.1 too.

To run a commit with profiling enabled, set the VYOS_DEBUG environment variable to a non-empty value, for example: VYOS_DEBUG=on commit

To enable profiling at boot time, add “vyos-debug” option to the kernel command line.

The logs are in /var/log/vyatta/cfg-stdout.log

VMWare ready OVA

VyOS from OVA now backed by cloud-init and can be configured interactively or non-interactively via ovftool from VMware products or via Ansible or Saltstack.

This release also first release that is officially designated as VMWare Ready

OpenStack image

1.2.1 release also first release with basic OpenStack support, a raw image comes with cloud-init preconfigured for OpenStack. This should greatly facilitate deployments in private and public clouds backed by OpenStack.

Nutanix AHV Support

Just like with VMWare, we now fully support Nutanix AHV as hypervisor