VyOS 1.2.0-rc6 is available for download

As usual, every week we make a new release candidate so that people interested in testing can test the changes quickly and people who reported bugs can confirm they are resolved or report further issues.

VyOS 1.2.0-rc6 is available for download from https://downloads.vyos.io/?dir=testing/1.2.0-rc6

It includes a small but significant number of bugfixes and a couple of removed commands.

Package updates

VyOS 1.2.0-rc6 uses the Linux kernel 4.19.0. The 4.19 kernel will be the next LTS version, so it should be a good kernel to stick with for the lifetime of the 1.2.0 release.

The 4.18 kernel was quite buggy, and 4.14.75 had annoying bugs with small packets causing packet loss in Xen that were solved in later versions.

This image also uses built-in drivers for Mellanox cards rather than those built from the official tarball, since they do not build for newer kernels yet. If you are using one of their fifth generation cards, let us know if it works for you.

Wireguard issues

Issues with creating multiple wireguard interfaces (T949) and with wireguard interfaces disappearing after reboot (T943) have been resolved.

Issues with removing long format IPv6 addresses from interfaces

It was always possible to use the long format of IPv6 addresses, with leading zeroes, like 2001:db8:0:0:0:0:0:1/64 (T288), but it was impossible to delete them without rebooting the router, because iproute2 compacts addresses at set time and doesn't recognize the short and long forms as the same address. We've added a workaround for it and it should no longer be a problem.
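One way to match addresses by value rather than by spelling, shown as an added example: it is not VyOS code and not necessarily how the workaround is implemented. The function name `plan_deletes` and the sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: addresses as the kernel reports them (compressed form).
KERNEL_ADDRS = ["2001:db8::1/64", "2001:db8::2/64", "192.0.2.1/24", "fe80::1/64"]


def plan_deletes(requested, kernel_addrs):
    """Match each address to delete against the kernel's list by value.

    Returns (plan, unmatched). Each plan entry records the spelling the user
    typed, the spelling the kernel holds, and whether a plain string
    comparison would have found it.
    """
    # Index kernel addresses by parsed value (address + prefix length).
    by_value = {ipaddress.ip_interface(a): a for a in kernel_addrs}
    plan, unmatched = [], []
    for raw in requested:
        try:
            key = ipaddress.ip_interface(raw.strip())
        except ValueError:
            unmatched.append(raw)      # not an address at all
            continue
        if key in by_value:
            plan.append({
                "requested": raw,
                "kernel_form": by_value[key],
                "string_match": raw in kernel_addrs,
            })
        else:
            unmatched.append(raw)      # valid, but not on the interface
    return plan, unmatched


if __name__ == "__main__":
    wanted = ["2001:db8:0:0:0:0:0:1/64", "2001:0DB8:0000::2/64",
              "192.0.2.1/24", "2001:db8::99/64", "not-an-address"]
    plan, unmatched = plan_deletes(wanted, KERNEL_ADDRS)
    for p in plan:
        print(f"{p['requested']:28} -> {p['kernel_form']:16} "
              f"string match: {p['string_match']}")
    print("unmatched:", unmatched)
```

The same value-based comparison applies anywhere configured addresses are checked against live state, such as auditing firewall rules or address lists, where a spelling mismatch would otherwise hide an entry.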

Import route-map not set for IPv4 BGP peer groups

There was an issue with setting import route-map for IPv4 peer groups (T924). I have to admit I simply forgot to convert one of the commands to the new "address-family ipv4-unicast" syntax, so the path existed in the CLI, but was never passed to FRR correctly. Now it should work as expected.

New command for checking VyOS installation integrity

If you, like me, can never remember if you are running a stock image or a modified installation, this is for you.

dmbaturin@vyos:~$ show system-integrity 
The following packages don't fit the image creation time:
build time:     2018-11-06 01:28:00
installed: 2018-11-06 01:44:28  vyos-1x

It only shows if any packages were installed on top of the image, and not whether any files were modified, but that's better than nothing.

Removed commands

The "run show vpn debug detail" operational mode command was removed because it was based on a script that strongSwan no longer provides, and reimplementing it is probably more trouble than it's worth since it just aggregates information already available in the logs and output of other commands.

We have also removed the "set service dhcp-relay relay-options port" command. The DHCP RFC nowhere says that servers or relays MAY use a port other than UDP/67, and almost no clients support alternative ports either, so this option hardly has any practical value. If you used to use it, it will disappear from your config. If you actually need it, please tell us about your use case.



11 responses
Your wiki example for wireguard should include the alias / identifier for the peer and the pubkey should be one level down. I tried to update it on the Wiki but the anti-spambot killed me.

vyos@vyos# configure
vyos@vyos# set interfaces wireguard wg01 address '10.1.0.1/24'
vyos@vyos# set interfaces wireguard wg01 port '12345'
vyos@vyos# set interfaces wireguard wg01 peer '' pubkey ''
vyos@vyos# set interfaces wireguard wg01 peer '' allowed-ips '10.0.0.0/24'
vyos@vyos# set interfaces wireguard wg01 peer '' persistent-keepalive 15
vyos@vyos# set protocols static interface-route '10.0.0.0/24' next-hop-interface wg01
vyos@vyos# commit
vyos@vyos# save

'''On client 1:'''

vyos@vyos# configure
vyos@vyos# set interfaces wireguard wg01 address '10.0.0.1/24'
vyos@vyos# set interfaces wireguard wg01 port '12345'
vyos@vyos# set interfaces wireguard wg01 peer '' pubkey ''
vyos@vyos# set interfaces wireguard wg01 peer '' allowed-ips '10.1.0.0/24'
vyos@vyos# set interfaces wireguard wg01 peer '' endpoint '192.168.0.115:12345'
vyos@vyos# set interfaces wireguard wg01 peer '' persistent-keepalive 15
vyos@vyos# set protocols static interface-route '10.1.0.0/24' next-hop-interface wg01
vyos@vyos# commit
vyos@vyos# save

set interfaces wireguard wg01 peer '' pubkey ''
set interfaces wireguard wg01 peer '' persistent-keepalive 15
set interfaces wireguard wg01 peer 'server' pubkey 'kl6NCcTXmGtoxLyvaNvSkKqq/q7Nb6b15eGZN9Py0Fg='
set interfaces wireguard wg01 peer 'server' persistent-keepalive 15

Now that you're going with 4.19, you should expose CAKE (https://www.bufferbloat.net/projects/codel/wiki...), which was incorporated in the kernel precisely in 4.19