Difference between revisions of "1.1.0/Release notes"

From VyOS jp

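Revision as of 03:20, 10 October 2014 (Fri)

Overview

The 1.1.0 release (the "helium" branch) adds features on top of 1.0.x.

New features

Experimental features:

New pipes:

| strip-private: removes private information from the output of the config mode "show" command.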

# show system login | strip-private 
 user xxxxxx {
     authentication {
         encrypted-password xxxxxx
     }
     level admin
 }

| commands: converts the output of the config mode "show" command into set-command form.

# show interfaces tunnel | commands 
set tunnel tun0 encapsulation 'gre'
set tunnel tun0 local-ip '10.46.1.242'
set tunnel tun0 remote-ip '10.91.19.1'

Upgrade notes

Vyatta Core and VyOS 1.0.x can be upgraded with "add system image". No special procedure is required.

CLI changes

Config mode

Changes to existing features:

| Command | Status | Comment |
|---|---|---|
| set interfaces ethernet ethX pppoe X disable | Added | Administratively disables a PPPoE session |
| set interfaces ethernet eth0 pppoe 0 default-route <auto none force> | Modified | Allows "force" option to force default route via PPPoE session |
| set vpn pptp remote-access authentication require <chap pap mschap mschap-v2> | Added | Requires a specific authentication protocol |
| set interfaces openvpn vtunX server reject-unconfigured-clients | Added | Rejects clients that are not configured under "server client" (OpenVPN --ccd-exclusive option) |
| set interfaces openvpn <name> persistent-tunnel | Added | --persist-tun OpenVPN option |
| set interfaces <ethernet pseudo-ethernet bridge bonding> ... ip disable-arp-filter | Added | Disables ARP filter on an interface |
| set interfaces <ethernet pseudo-ethernet bridge bonding> ... ip enable-arp-accept | Added | Enables arp-accept on this interface |
| set interfaces <ethernet pseudo-ethernet bridge bonding> ... ip enable-arp-announce | Added | Enables arp-announce on this interface |
| set interfaces <ethernet pseudo-ethernet bridge bonding> ... ip enable-arp-ignore | Added | Enables arp-ignore on this interface |
| set system options ctrl-alt-del-action <ignore reboot poweroff> | Added | Changes the action the system performs on Ctrl-Alt-Del (default is ignore) |
| set firewall twa-hazards-protection <enable disable> | Added | Enables or disables RFC1337 TIME-WAIT assassination hazards protection |
| set interfaces <type> <name> ip source-validation <disable loose strict> | Added | Sets source validation policy for specified interface |
| set interfaces ethernet ethX ipv6 router-advert name-server <ipv6 address> | Added | Sets RFC6106 name server to advertise in RA |
| set protocols rip passive-interface <interface-name or "default"> | Modified | "default" option is now available |
| set system syslog host <host> facility <facility> protocol (tcp udp) | Added | Sets remote syslog protocol to TCP or UDP |
| set service snmp smux-peer <oid> | Added | Sets SMUX peer OID |
| set vpn ipsec ike-group <group> proposal <proposal> dh-group <2 5 14-26> | Modified | DH groups 14 to 26 can now be set, in addition to 2 and 5 |
| set vpn ipsec <ike-group esp-group> proposal <proposal> hash <md5 sha1 sha256 sha384 sha512> | Modified | Now accepts SHA2 hashes, in addition to MD5 and SHA1 |
| set vpn ipsec ike-group <group> key-exchange <ikev1 ikev2> | Added | Sets key exchange protocol version. Default is IKEv2. |
| set vpn ipsec ike-group <group> mobike <enable disable> | Added | Enables or disables MOBIKE. For IKEv1, default is disable; for IKEv2, default is enable. |
| set service ssh ciphers <ciphers list> | Added | Restricts SSH to ciphers from the list |
| set interfaces ... ip proxy-arp-pvlan | Added | Enables private VLAN proxy ARP for the interface |
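
An added example (not part of the original release notes and not VyOS code): a Python check that reads set commands in the form printed by the "| commands" pipe and reports IKE/ESP groups still configured with MD5 or SHA1, DH group 2 or 5, or IKEv1, now that this release offers SHA2, DH groups 14 to 26 and IKEv2. The group names, the sample input and the choice of which values count as legacy are assumptions of this example.

```python
import shlex

# Values this example treats as legacy (an assumption of the example); the
# release notes only state that SHA2, DH groups 14-26 and IKEv2 are available.
LEGACY = {
    "hash": {"md5", "sha1"},
    "dh-group": {"2", "5"},
    "key-exchange": {"ikev1"},
}

# Constructed sample in the quoted form that "| commands" prints.
SAMPLE = """\
set vpn ipsec ike-group IKE-OLD key-exchange 'ikev1'
set vpn ipsec ike-group IKE-OLD proposal 1 dh-group '2'
set vpn ipsec ike-group IKE-OLD proposal 1 hash 'sha1'
set vpn ipsec ike-group IKE-NEW proposal 1 dh-group '14'
set vpn ipsec ike-group IKE-NEW proposal 1 hash 'sha256'
set vpn ipsec esp-group ESP-OLD proposal 1 hash 'md5'
set interfaces ethernet eth0 description 'uplink, hash md5 here is just text'
"""

def audit_ipsec(commands):
    """Return (line_number, group_type, group_name, setting, value) findings."""
    findings = []
    for number, line in enumerate(commands.splitlines(), start=1):
        try:
            words = shlex.split(line)   # also strips the quotes around values
        except ValueError:              # unbalanced quote: cannot be judged
            continue
        # Only "set vpn ipsec <ike-group|esp-group> <name> ..." is in scope.
        if words[:3] != ["set", "vpn", "ipsec"] or len(words) < 7:
            continue
        group_type, name, rest = words[3], words[4], words[5:]
        if group_type not in ("ike-group", "esp-group"):
            continue
        if rest[0] == "proposal" and len(rest) == 4:
            setting, value = rest[2], rest[3]   # proposal <n> <setting> <value>
        elif len(rest) == 2:
            setting, value = rest               # e.g. key-exchange <value>
        else:
            continue
        if value in LEGACY.get(setting, ()):
            findings.append((number, group_type, name, setting, value))
    return findings

if __name__ == "__main__":
    for finding in audit_ipsec(SAMPLE):
        print("line %d: %s %s uses %s %s" % finding)
```
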

Operational mode

| Command | Status | Comment |
|---|---|---|
| restart webproxy clear-cache | Added | Clears webproxy cache and restarts the process (it's not possible to clear cache without restart) |
| force arp reply interface <interface name> address <MAC address> | Added | Sends gratuitous ARP reply for specific address |
| force arp request interface <interface name> address <MAC address> | Added | Sends gratuitous ARP request for specific address |
| show system memory cache | Fixed | Shows kernel cache information |
| show ip route cache | Deprecated | Returns nothing now, as route cache was removed from the kernel |

Behaviour changes

| Command/action/component | Change | Old behaviour | Motivation |
|---|---|---|---|
| run generate openvpn key <file> | Places the key file in /config/auth unless a full path is specified | Used to place it in current user home dir | Ease of use, persistence through upgrades |
| DHCPv6 server | DHCPv6 server leases are now stored in /config | Used to store it in /var/lib | Persistence through upgrades |
| Firewall groups | Firewall port-groups and address-groups now use native IPset range feature | Used to call IPset repeatedly for each member | Performance |
| Wireless | First offered cipher is now CCMP | Used to offer TKIP and then CCMP | Some broken clients use the first offered cipher |

Resolved issues

| Bug ID | Severity | Title | Contributor |
|---|---|---|---|
| Bug #2 | Enhancement | Add a command to clear the squid web proxy cache | Ewald van Geffen |
| Bug #7 | Enhancement | Descriptions for openvpn interfaces are invisible in "show interfaces" | Alex Harpin |
| Bug #8 | Enhancement | 'generate openvpn key <filename>' should place the key file in the appropriate/suggested directory (/config/auth) | Daniil Baturin |
| Bug #12 | Enhancement | Provide a config parameter to administratively disable a pppoe session. | Daniil Baturin |
| Bug #13 | Enhancement | PPTP/L2TP: provide options to require or refuse individual authentication protocols | Toni Cunyat |
| Bug #14 | Enhancement | openvpn - add ability on server to limit connection to clients with existing configuration files | Daniil Baturin |
| Bug #19 | Enhancement | Add support for 802.1ad "Q-in-Q" VLANs | Kim Hagen |
| Bug #21 | Enhancement | Add the ability to adjust system ARP settings via the CLI on a per interface basis | Kim Hagen |
| Bug #37 | Enhancement | Add Linux Standards Base release package | Kim Hagen, Daniil Baturin |
| Bug #39 | Enhancement | Add op-mode commands to send gratuitous ARP messages | Daniil Baturin |
| Bug #45 | Minor | better input validation could avoid messy iptables error output for misconfigured ports | Daniil Baturin |
| Bug #71 | Minor | "show system memory cache" gives "permission denied" message | Kim Hagen |
| Bug #73 | Enhancement | Make Ctrl-Alt-Del behaviour configurable | hydrajump |
| Bug #82 | Enhancement | Add support for Hyper-v vlan trunking | Kernel developers |
| Bug #86 | Minor | Qos Bug with multiple class match rules | Ubiquiti (Stig Thormodsrud), Carl Byington |
| Bug #87 | Trivial | Values for "authoritative" option don't show up in completion | Daniil Baturin |
| Bug #97 | Text | System shows "Linux vyatta 3.3.8-1-amd64-vyatta" at login | Daniil Baturin |
| Bug #99 | Minor | build-iso README is outdated | Daniil Baturin |
| Bug #100 | Enhancement | Automate build environment setup | Hiroyuki Sato |
| Bug #102 | Trivial | No completion for as-path-list in route-map rule | Daniil Baturin |
| Bug #104 | Enhancement | Add an option to remove private information from displayed config | Daniil Baturin |
| Bug #108 | Enhancement | Utilize Linux-specific implementation of RFC1337 | Daniil Baturin |
| Bug #115 | Minor | Syntax: CLI allows users to commit namespaces reserved by IPTables (MARK, CONNMARK, etc.) | Daniil Baturin |
| Bug #122 | Minor | DHCPv6 server lease file is written to /var/log which is not preserved through image upgrades | Daniil Baturin |
| Bug #128 | Trivial | IpSet.pm still calls ipset for each port in a port-range making a complex firewall boot last ages | Paweł Pierścionek, Daniil Baturin |
| Bug #129 | Text | Extra quote in "set protocols ospf distance global" help string | Trick van Staveren |
| Bug #147 | Enhancement | Please implement BCP38 (Reverse Path Filtering) | Ubiquiti (Stig Thormodsrud) |
| Bug #149 | Enhancement | Please implement VrrpV6 | Florian Fuessl |
| Bug #152 | Enhancement | Router Advertisment RFC4191 Specific Routes and RFC6106 DNS configuration not impimented in CLI and Vyos configuration | Ivan Malyarchuk |
| Bug #159 | Enhancement | Feature Request: Support for "dummy" interface configuration | Daniil Baturin |
| Bug #160 | Minor | Invalid DHCP configuration can cause dhcpd to silently fail | Alex Harpin |
| Bug #170 | Enhancement | Add unmanaged L2TPv3 support | Yuya Kusakabe |
| Bug #171 | Minor | Non-optimal partition alignment in installer | hydrajump, Daniil Baturin |
| Bug #178 | Major | Please *don't* remove non-PAE capability | Daniil Baturin |
| Bug #181 | Minor | Check to verify private key may fail for certain valid keys | Ralf Ertzinger |
| Bug #182 | Minor | System DHCP client behavior overrides hard-coded DNS settings | Alex Harpin |
| Bug #186 | Enhancement | RIP passive-interface "default" missing from config template | Kim Hagen |
| Bug #195 | Enhancement | Send message to remote syslog server over UDP or TCP | Abdelouahed Haitoute |
| Bug #196 | Enhancement | Add smuxpeer in snmpd.conf | Abdelouahed Haitoute |
| Bug #197 | Enhancement | Add support for additional DH groups to IPsec | Ryan Riske |
| Bug #200 | Major | UNIONTYPE=overlayfs seems to break helium iso builds since 2014-04-25 | Patrick van Staveren, Hiroyuki Sato, Kim Hagen, Daniil Baturin |
| Bug #204 | Minor | wireless-hostapd: ensure the cipher value given is used by hostapd | Alex Harpin |
| Bug #205 | Minor | wireless-hostapd: set the default cipers to CCMP TKIP | Alex Harpin |
| Bug #218 | Text | traffic-policy help is hard to understand | Hiroyuki Sato |
| Bug #220 | Enhancement | Add support for SHA2 hashes | Rian Riske |
| Bug #221 | Minor | Openvpn server mode makes remote client loose default openvpn on dhcp renew | Toni Cunyat |
| Bug #222 | Enhancement | Initial IKEv2 Support | Jeff Leung |
| Bug #223 | Minor | Remove automatic IKE version negoiation | Jeff Leung |
| Bug #224 | Enhancement | Initial MOBIKE Configuration Support | Jeff Leung |
| Bug #225 | Minor | wireless-config: fix "use of uninitialized value" warning | Alex Harpin |
| Bug #230 | Major | radvd only respecting last interface in radvd.conf | Daniil Baturin |
| Bug #233 | Major | task-scheduler: restart script missing | Ubiquiti (Stig Thormodsrud) |
| Bug #234 | Minor | task-scheduler should verify valid cron file name | Ubiquiti (Stig Thormodsrud) |
| Bug #237 | Enhancement | Add support for cipher and macs overrides in SSH server | neutralrockets |
| Bug #239 | Enhancement | Getting the version number by using dpkg will not work when upgrading to newer version of debian. | Kim Hagen |
| Bug #241 | Major | IPsec VPN allows protected traffic out unencrypted before IKE negotiation completes | Ryan Riske |
| Bug #245 | Minor | vyos constant "failed to get vmstats" spam to /var/log/messages from vmware-tools vmsvc | Kim Hagen |
| Bug #246 | Enhancement | Allow configuring/changing VyOS Linux bridge /sys multicast IGMP querier settings | Daniil Baturin |
| Bug #247 | Major | VyOS helium Linux 3.13 kernel .config doesn't have vmxnet3 driver enabled/available | Kim Hagen |
| Bug #250 | Trivial | Helium build fail Cause "Untrusted packages could compromise your system's security" | Alex Harpin |
| Bug #251 | Enhancement | Add ability to convert config mode "show" output to set commands | Daniil Baturin |
| Bug #255 | Minor | dnsmasq returns 127.0.1.1 to clients requesting the VyOS router's name | Daniil Baturin, Paul Gear |
| Bug #256 | Major | When for reboot, Configuration of L2TPv3 is not load | ftoyama |
| Bug #258 | Major | Unable to add l2tp_ip module for L2TPv3 over ip | ftoyama |
| Bug #259 | Major | unable to delete tunnel | Daniil Baturin |
| Bug #261 | Minor | Quotes in snmpd.conf sysLocation and sysContact not required | Alex Harpin |
| Bug #263 | Major | vyos-kernel: enable atheros wireless drivers in the helium 3.13 kernel | Alex Harpin |
| Bug #265 | Trivial | linux-firmware: remove deprecated ar9170usb firmware | Alex Harpin |
| Bug #266 | Major | vyos-kernel: enable atheros HTC drivers in the helium 3.13 kernel | Alex Harpin |
| Bug #267 | Major | vyos-kernel: enable atheros USB drivers in the helium 3.13 kernel | Alex Harpin |
| Bug #268 | Major | linux-firmware: add carl9170 firmware required by kernel module | Alex Harpin |
| Bug #269 | Trivial | GRUB menu says it's an AWS AMI even if it's not | Daniil Baturin |
| Bug #270 | Enhancement | Add an option to always replace default route | Ewald van Geffen |
| Bug #271 | Enhancement | Add an event handling mechanism | Daniil Baturin, Jon Andersson |
| Bug #274 | Trivial | IPv6 RA "send-advert", "other-config-flag", and "managed-flag" lack value completion | Daniil Baturin |
| Bug #276 | Enhancement | vyos-kernel: update config files for the latest kernel | Alex Harpin |
| Bug #280 | Enhancement | vyos-kernel: enable realtek rtl8723ae kernel modules for all configs | Alex Harpin |
| Bug #281 | Enhancement | vyos-kernel: enable kernel stack overflow protection for all configs | Alex Harpin |
| Bug #283 | Enhancement | vyos-kernel: disable kernel debugging for all configs | Alex Harpin |
| Bug #295 | Minor | wireless-hostapd: set default ciphers used based on the wpa mode | Alex Harpin |
| Bug #296 | Text | Tidy up output on "show dhcp server leases" | Alex Harpin |
| Bug #297 | Enhancement | Sticky incoming connection support for WLB | Ewald van Geffen |
| Bug #300 | Major | Entering configuration mode as root screws up running config permissions | Daniil Baturin |
| Bug #301 | Major | Enable VXLAN kernel module for 586-vyos kernel version | Alex Harpin |
| Bug #303 | Minor | tail is not working (tailing) | Alex Harpin, Daniil Baturin |
| Bug #305 | Minor | Allow interfaces with dhcp addresses to be deleted | Alex Harpin |
| Bug #306 | Enhancement | Add proxy_arp_pvlan support | Shane Short, Daniil Baturin |
| Bug #309 | Enhancement | Expand 'set system allow-dhcp-nameservers' logic | Alex Harpin |
| Bug #314 | Enhancement | Rename allow-dhcp-nameservers and change to typeless | Alex Harpin |
| Bug #317 | Enhancement | vyatta-cfg-vpn: add libnfnetlink-dev to build dependencies | Alex Harpin |
| Bug #318 | Enhancement | Add support for persistent tunnels (--persist-tun) in OpenVPN | Alex Harpin |
| Bug #320 | Text | Tidy up output on "show openvpn <type> status" messages | Alex Harpin |
| Bug #321 | Major | Shaping does not work for PPPoE interfaces | Alex Harpin |
| Bug #326 | Major | Import patch from Redhat for CVE-2014-7169 | Alex Harpin, Daniil Baturin |
| Bug #331 | Trivial | Show vpn ipsec status always returns "no IP on interface..." | Trick van Staveren |
| Bug #332 | Minor | Prevent duplicate local rsa key includes | Alex Harpin |
| Bug #333 | Major | Return correct path for pppoe or pppoa interfaces | Alex Harpin |
| Bug #337 | Major | After upgrade from 1.0.3 to 1.1.0beta1, VRRP unable to communicate with other node | Daniil Baturin |
| Bug #341 | Minor | Allow dhcp and dhcpv6 addresses to be deleted | Alex Harpin |

Development environment changes

  • Added the "tools/setup-vyos-build-env" script, which automatically sets up the basic ISO build dependencies.