1.1.0/Release notes

From VyOS jp
Revision as of 08:11, 28 September 2014 (Sunday) by Higebu


Overview

The 1.1.0 release ("helium" branch) is the feature expansion release following the 1.0.x series.

New features

New pipes:

| strip-private — removes private information from the conf mode "show" output.

# show system login | strip-private 
 user xxxxxx {
     authentication {
         encrypted-password xxxxxx
     }
     level admin
 }

| commands — converts conf mode "show" output to set commands.

# show interfaces tunnel | commands 
set tunnel tun0 encapsulation 'gre'
set tunnel tun0 local-ip '10.46.1.242'
set tunnel tun0 remote-ip '10.91.19.1'

Upgrade notes

Both legacy VC systems and VyOS 1.0.x systems can be upgraded with "add system image"; no special action is needed.

CLI changes

Configuration mode

Changes to already existing features:

| Command | Status | Comment |
| --- | --- | --- |
| set interfaces ethernet ethX pppoe X disable | Added | Administratively disables a PPPoE session |
| set interfaces ethernet eth0 pppoe 0 default-route <auto none force> | Modified | Allows "force" option to force default route via PPPoE session |
| set vpn pptp remote-access authentication require <chap pap mschap mschap-v2> | Added | Require specific authentication protocol |
| set interfaces openvpn vtunX server reject-unconfigured-clients | Added | Rejects clients that are not configured under "server client" (OpenVPN --ccd-exclusive option) |
| set interfaces <ethernet pseudo-ethernet bridge bonding> ... ip disable-arp-filter | Added | Disables ARP filter on an interface |
| set interfaces <ethernet pseudo-ethernet bridge bonding> ... ip enable-arp-accept | Added | Enables arp-accept on this interface |
| set interfaces <ethernet pseudo-ethernet bridge bonding> ... ip enable-arp-announce | Added | Enables arp-announce on this interface |
| set interfaces <ethernet pseudo-ethernet bridge bonding> ... ip enable-arp-ignore | Added | Enables arp-ignore on this interface |
| set system options ctrl-alt-del-action <ignore reboot poweroff> | Added | Changes actions the system performs on Ctrl-Alt-Del (default is ignore) |
| set firewall twa-hazards-protection <enable disable> | Added | Enables or disables RFC1337 TIME-WAIT assassination hazards protection |
| set interfaces <type> <name> ip source-validation <disable loose strict> | Added | Sets source validation policy for specified interface |
| set interfaces ethernet ethX ipv6 router-advert name-server <ipv6 address> | Added | Sets RFC6106 name server to advertise in RA |
| set protocols rip passive-interface <interface-name or "default"> | Modified | "default" option is now available |
| set system syslog host <host> facility <facility> protocol (tcp udp) | Added | Sets remote syslog protocol to TCP or UDP |
| set service snmp smux-peer <oid> | Added | Sets SMUX peer OID |
| set vpn ipsec ike-group <group> proposal <proposal> dh-group <2 5 14-26> | Modified | DH groups 14 to 26 can be set now, apart from 2 and 5 |
| set vpn ipsec <ike-group esp-group> proposal <proposal> hash <md5 sha1 sha256 sha384 sha512> | Modified | Accepts SHA2 sums now, apart from MD5 and SHA1 |
| set vpn ipsec ike-group <group> key-exchange <ikev1 ikev2> | Added | Sets key exchange protocol version. Default is IKEv2. |
| set vpn ipsec ike-group <group> mobike <enable disable> | Added | Enables or disables MOBIKE. For IKEv1, default is disable; for IKEv2, default is enable. |
| set service ssh ciphers <ciphers list> | Added | Restricts SSH to ciphers from the list |
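
The IPsec rows above add IKEv2, SHA2 hashes and DH groups 14 to 26. As an added example (not part of the release notes or of VyOS itself), this Python check reads "| commands"-style output and lists IKE/ESP group settings that still use the older values. The policy in LEGACY, the function name audit_ipsec and the sample group names are assumptions made for the illustration.

```python
import shlex

# Example policy (an assumption, not a VyOS default): the values that were
# the only choices before 1.1.0, plus IKEv1.
LEGACY = {
    "hash": {"md5", "sha1"},
    "dh-group": {"2", "5"},
    "key-exchange": {"ikev1"},
}

# Constructed sample in the quoting style of the "| commands" pipe.
SAMPLE = """\
# show vpn | commands
set vpn ipsec ike-group IKE-OLD key-exchange 'ikev1'
set vpn ipsec ike-group IKE-OLD proposal 1 dh-group '2'
set vpn ipsec ike-group IKE-OLD proposal 1 hash 'sha1'
set vpn ipsec ike-group IKE-NEW key-exchange 'ikev2'
set vpn ipsec ike-group IKE-NEW proposal 1 dh-group '14'
set vpn ipsec ike-group IKE-NEW proposal 1 hash 'sha256'
set vpn ipsec esp-group ESP-OLD proposal 1 hash 'md5'
set vpn ipsec esp-group ESP-NEW proposal 2 hash 'sha512'
"""


def audit_ipsec(commands_text):
    """Return sorted (group, proposal, option, value) tuples for legacy values."""
    findings = []
    for line in commands_text.splitlines():
        tok = shlex.split(line, comments=True)  # strips quotes, skips "# ..." lines
        if not tok or tok[0] != "set":
            continue
        # Find the group node wherever it sits, so full paths and the
        # shorter relative paths printed below a sub-node both match.
        idx = next((i for i, t in enumerate(tok)
                    if t in ("ike-group", "esp-group")), None)
        if idx is None or len(tok) < idx + 4:
            continue  # no group, or only a reference to a group name
        group, rest = f"{tok[idx]} {tok[idx + 1]}", tok[idx + 2:]
        if rest[0] == "proposal" and len(rest) >= 4:
            proposal, option, value = rest[1], rest[2], rest[3]
        else:
            proposal, option, value = "-", rest[0], rest[1]
        if value.lower() in LEGACY.get(option, ()):
            findings.append((group, proposal, option, value.lower()))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_ipsec(SAMPLE):
        print("legacy: %s proposal %s %s=%s" % finding)
```
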

Operational mode

| Command | Status | Comment |
| --- | --- | --- |
| restart webproxy clear-cache | Added | Clears webproxy cache and restarts the process (it's not possible to clear cache without restart) |
| force arp reply interface <interface name> address <MAC address> | Added | Sends gratuitous ARP reply for specific address |
| force arp request interface <interface name> address <MAC address> | Added | Sends gratuitous ARP request for specific address |
| show system memory cache | Fixed | Shows kernel cache information |

Behaviour changes

| Command/action/component | Change | Old behaviour | Motivation |
| --- | --- | --- | --- |
| run generate openvpn key <file> | Places the key file in /config/auth unless a full path is specified | Used to place it in current user home dir | Ease of use, persistence through upgrades |
| DHCPv6 server | DHCPv6 server leases are now stored in /config | Used to store it in /var/lib | Persistence through upgrades |
| Firewall groups | Firewall port-groups and address-groups now use native IPset range feature | Used to call IPset repeatedly for each member | Performance |
| Wireless | First offered cipher is now CCMP | Used to offer TKIP and then CCMP | Some broken clients use the first offered cipher |

Resolved issues

| Bug ID | Severity | Title | Contributor |
| --- | --- | --- | --- |
| Bug #2 | Enhancement | Add a command to clear the squid web proxy cache | Ewald van Geffen |
| Bug #8 | Enhancement | 'generate openvpn key <filename>' should place the key file in the appropriate/suggested directory (/config/auth) | Daniil Baturin |
| Bug #12 | Enhancement | Provide a config parameter to administratively disable a pppoe session. | Daniil Baturin |
| Bug #13 | Enhancement | PPTP/L2TP: provide options to require or refuse individual authentication protocols | Toni Cunyat |
| Bug #14 | Enhancement | openvpn - add ability on server to limit connection to clients with existing configuration files | Daniil Baturin |
| Bug #19 | Enhancement | Add support for 802.1ad "Q-in-Q" VLANs | Kim Hagen |
| Bug #21 | Enhancement | Add the ability to adjust system ARP settings via the CLI on a per interface basis | Kim Hagen |
| Bug #37 | Enhancement | Add Linux Standards Base release package | Kim Hagen, Daniil Baturin |
| Bug #39 | Enhancement | Add op-mode commands to send gratuitous ARP messages | Daniil Baturin |
| Bug #45 | Minor | better input validation could avoid messy iptables error output for misconfigured ports | Daniil Baturin |
| Bug #71 | Minor | "show system memory cache" gives "permission denied" message | Kim Hagen |
| Bug #73 | Enhancement | Make Ctrl-Alt-Del behaviour configurable | hydrajump |
| Bug #86 | Minor | Qos Bug with multiple class match rules | Ubiquiti (Stig Thormodsrud), Carl Byington |
| Bug #97 | Trivial | Values for "authoritative" option don't show up in completion | Daniil Baturin |
| Bug #97 | Text | System shows "Linux vyatta 3.3.8-1-amd64-vyatta" at login | Daniil Baturin |
| Bug #99 | Minor | build-iso README is outdated | Daniil Baturin |
| Bug #100 | Enhancement | Automate build environment setup | Hiroyuki Sato |
| Bug #102 | Trivial | No completion for as-path-list in route-map rule | Daniil Baturin |
| Bug #104 | Enhancement | Add an option to remove private information from displayed config | Daniil Baturin |
| Bug #108 | Enhancement | Utilize Linux-specific implementation of RFC1337 | Daniil Baturin |
| Bug #115 | Minor | Syntax: CLI allows users to commit namespaces reserved by IPTables (MARK, CONNMARK, etc.) | Daniil Baturin |
| Bug #122 | Minor | DHCPv6 server lease file is written to /var/log which is not preserved through image upgrades | Daniil Baturin |
| Bug #128 | Trivial | IpSet.pm still calls ipset for each port in a port-range making a complex firewall boot last ages | Paweł Pierścionek, Daniil Baturin |
| Bug #129 | Text | Extra quote in "set protocols ospf distance global" help string | Trick van Staveren |
| Bug #137 | Enhancement | Add VIM package to system | It was always there. ;) |
| Bug #147 | Enhancement | Please implement BCP38 (Reverse Path Filtering) | Ubiquiti (Stig Thormodsrud) |
| Bug #149 | Enhancement | Please implement VrrpV6 | Florian Fuessl |
| Bug #152 | Enhancement | Router Advertisment RFC4191 Specific Routes and RFC6106 DNS configuration not impimented in CLI and Vyos configuration | Ivan Malyarchuk |
| Bug #159 | Enhancement | Feature Request: Support for "dummy" interface configuration | Daniil Baturin |
| Bug #170 | Enhancement | Add unmanaged L2TPv3 support | Yuya Kusakabe |
| Bug #171 | Minor | Non-optimal partition alignment in installer | hydrajump, Daniil Baturin |
| Bug #178 | Major | Please *don't* remove non-PAE capability | Daniil Baturin |
| Bug #186 | Enhancement | RIP passive-interface "default" missing from config template | Kim Hagen |
| Bug #195 | Enhancement | Send message to remote syslog server over UDP or TCP | Abdelouahed Haitoute |
| Bug #196 | Enhancement | Add smuxpeer in snmpd.conf | Abdelouahed Haitoute |
| Bug #197 | Enhancement | Add support for additional DH groups to IPsec | Ryan Riske |
| Bug #200 | Major | UNIONTYPE=overlayfs seems to break helium iso builds since 2014-04-25 | Patrick van Staveren, Hiroyuki Sato, Kim Hagen, Daniil Baturin |
| Bug #204 | Minor | wireless-hostapd: ensure the cipher value given is used by hostapd | Alex Harpin |
| Bug #205 | Minor | wireless-hostapd: set the default cipers to CCMP TKIP | Alex Harpin |
| Bug #218 | Text | traffic-policy help is hard to understand | Hiroyuki Sato |
| Bug #220 | Enhancement | Add support for SHA2 hashes | Rian Riske |
| Bug #221 | Minor | Openvpn server mode makes remote client loose default openvpn on dhcp renew | Toni Cunyat |
| Bug #222 | Enhancement | Initial IKEv2 Support | Jeff Leung |
| Bug #223 | Minor | Remove automatic IKE version negoiation | Jeff Leung |
| Bug #224 | Enhancement | Initial MOBIKE Configuration Support | Jeff Leung |
| Bug #225 | Minor | wireless-config: fix "use of uninitialized value" warning | Alex Harpin |
| Bug #230 | Major | radvd only respecting last interface in radvd.conf | Daniil Baturin |
| Bug #233 | Major | task-scheduler: restart script missing | Ubiquiti (Stig Thormodsrud) |
| Bug #234 | Minor | task-scheduler should verify valid cron file name | Ubiquiti (Stig Thormodsrud) |
| Bug #237 | Enhancement | Add support for cipher and macs overrides in SSH server | neutralrockets |
| Bug #239 | Enhancement | Getting the version number by using dpkg will not work when upgrading to newer version of debian. | Kim Hagen |
| Bug #241 | Major | IPsec VPN allows protected traffic out unencrypted before IKE negotiation completes | Ryan Riske |
| Bug #245 | Minor | vyos constant "failed to get vmstats" spam to /var/log/messages from vmware-tools vmsvc | Kim Hagen |
| Bug #247 | Major | VyOS helium Linux 3.13 kernel .config doesn't have vmxnet3 driver enabled/available | Kim Hagen |
| Bug #251 | Enhancement | Add ability to convert config mode "show" output to set commands | Daniil Baturin |
| Bug #255 | Minor | dnsmasq returns 127.0.1.1 to clients requesting the VyOS router's name | Daniil Baturin, Paul Gear |
| Bug #256 | Major | When for reboot, Configuration of L2TPv3 is not load | ftoyama |
| Bug #258 | Major | Unable to add l2tp_ip module for L2TPv3 over ip | ftoyama |
| Bug #259 | Major | unable to delete tunnel | Daniil Baturin |
| Bug #263 | Major | vyos-kernel: enable atheros wireless drivers in the helium 3.13 kernel | Alex Harpin |
| Bug #265 | Trivial | linux-firmware: remove deprecated ar9170usb firmware | Alex Harpin |
| Bug #266 | Major | vyos-kernel: enable atheros HTC drivers in the helium 3.13 kernel | Alex Harpin |
| Bug #267 | Major | vyos-kernel: enable atheros USB drivers in the helium 3.13 kernel | Alex Harpin |
| Bug #268 | Major | linux-firmware: add carl9170 firmware required by kernel module | Alex Harpin |
| Bug #269 | Trivial | GRUB menu says it's an AWS AMI even if it's not | Daniil Baturin |
| Bug #270 | Enhancement | Add an option to always replace default route | Ewald van Geffen |
| Bug #271 | Enhancement | Add an event handling mechanism | Daniil Baturin, Jon Andersson |
| Bug #274 | Trivial | IPv6 RA "send-advert", "other-config-flag", and "managed-flag" lack value completion | Daniil Baturin |

Development environment changes

  • Added "tools/setup-vyos-build-env" script that automatically sets up basic ISO build dependencies.