Version 1 vs 2
Version 1 vs 2
Edits
Edits
- Edit by dmbaturin, Version 2
- Sep 22 2022 10:58 AM
- ·Generated by Ansible
- Edit by dmbaturin, Version 1
- Jun 11 2022 8:40 AM
Original Change | Most Recent Change |
Edit Current Version 1... | Edit Draft Version 2... |
Content Changes
Content Changes
**Security**
* T4204: Update Accel-PPP to a newer revision
* T4310: CVE-2022-0778: infinite loop in OpenSSL certificate parsing
* T4311: CVE-2021-4034: local privilege escalation in PolKit
**Configuration syntax changes (automatically migrated)**
* T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID
* T4273: ssh: Upgrade from 1.2.X to 1.3.0 breaks config
**New features and improvements**
* T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID
* T2400: OpenVPN: dont restart server if no need
* T2764: Increase maximum number of NAT rules
* T3164: console-server ssh does not work with RADIUS PAM auth
* T3299: Allow the web proxy service to listen on all IP addresses
* T3854: Missing op-mode commands for conntrack-sync
* T3872: Add configurable telegraf monitoring service
* T4055: Add VRF support for HTTP(S) API service
* T4100: Firewall increase maximum number of rules
* T4120: [VXLAN] add ability to set multiple unicast-remotes
* T4128: keepalived: Upgrade package to add VRF support
* T4261: MACsec: add DHCP client support
**Bug fixes**
* T2922: The `vpn ipsec logging log-modes` miss the IPSec daemons state check
* T3380: "show vpn ike sa" does not display IPv6 peers
* T3686: Bridging OpenVPN tap with no local-address breaks
* T3914: VRRP rfc3768-compatibility doesn't work with unicast peers
* T3924: VRRP stops working with VRF
* T4002: firewall group network-group long names restriction incorrect behavior
* T4081: VRRP health-check script stops working when setting up a sync group
* T4087: IPsec IKE-group proposals limit of 10 pieces
* T4092: IKEv2 mobike commit failed with DMVPN nhrp
* T4093: SNMPv3 snmpd.conf generation bug
* T4101: commit-archive: Use of uninitialized value $source_address in concatenation
* T4104: RAID1: "add raid md0 member sda1" does not restore boot sector
* T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0
* T4141: Set high-availability vrrp sync-group without members error
* T4142: Input ifbX interfaces not displayed in op-mode
* T4152: NHRP shortcut-target holding-time does not work
* T4154: Error add second gre tunnel with the same source interface
* T4165: Custom conntrack rules cannot be deleted
* T4168: IPsec VPN is impossible to restart when DMVPN is configured
* T4183: IPv6 link-local address not accepted as wireguard peer
* T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses
* T4191: Lost access to host after VRF re-creating
* T4196: DHCP server client-prefix-length parameter results in non-functional leases
* T4203: Reconfigure DHCP client interface causes brief outages
* T4226: VRRP transition-script does not work for groups name which contains -(minus) sign
* T4228: bond: OS error thrown when two bonds use the same member
* T4233: ssh: sync regex for allow/deny usernames to "system login"
* T4234: Show firewall partly broken in 1.3.x
* T4237: Conntrack-sync error - error adding listen-address command
* T4240: Cannot add wlan0 to bridge via configure
* T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus
* T4242: ethernet speed/duplex can never be switched back to auto/auto
* T4258: [DHCP-SERVER] error parameter on Failover
* T4259: The conntrackd daemon can be started wrongly
* T4263: vyos.util.leaf_node_changed() dos not honor valueLess nodes
* T4264: vxlan: interface is destroyed and rebuild on description change
* T4267: Error - Missing required "ip key" parameter
* T4273: ssh: Upgrade from 1.2.X to 1.3.0 breaks config
* T4297: Interface configuration saving fails for ice/iavf based interfaces because they can't change speed/duplex settings
* T4377: generate tech-support archive includes previous archives
**Other resolved issues**
* T4227: Typo in help completion of hello-time option of bridge interface
* T4255: Unexpected print of dict bridge on delete
**Security**
* T4311: CVE-2021-4034: local privilege escalation in PolKit
* T4310: CVE-2022-0778: infinite loop in OpenSSL certificate parsing
* T4204: Update Accel-PPP to a newer revision
**New features and improvements**
* T4261: MACsec: add DHCP client support
* T4128: keepalived: Upgrade package to add VRF support
* T4120: [VXLAN] add ability to set multiple unicast-remotes
* T4100: Firewall increase maximum number of rules
* T4055: Add VRF support for HTTP(S) API service
* T3872: Add configurable telegraf monitoring service
* T3854: Missing op-mode commands for conntrack-sync
* T3299: Allow the web proxy service to listen on all IP addresses
* T3164: console-server ssh does not work with RADIUS PAM auth
* T2764: Increase maximum number of NAT rules
* T2400: OpenVPN: dont restart server if no need
* T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID
**Bug fixes**
* T4377: generate tech-support archive includes previous archives
* T4297: Interface configuration saving fails for ice/iavf based interfaces because they can't change speed/duplex settings
* T4273: ssh: Upgrade from 1.2.X to 1.3.0 breaks config
* T4267: Error - Missing required "ip key" parameter
* T4264: vxlan: interface is destroyed and rebuild on description change
* T4263: vyos.util.leaf_node_changed() dos not honor valueLess nodes
* T4259: The conntrackd daemon can be started wrongly
* T4258: [DHCP-SERVER] error parameter on Failover
* T4242: ethernet speed/duplex can never be switched back to auto/auto
* T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus
* T4240: Cannot add wlan0 to bridge via configure
* T4237: Conntrack-sync error - error adding listen-address command
* T4234: Show firewall partly broken in 1.3.x
* T4233: ssh: sync regex for allow/deny usernames to "system login"
* T4228: bond: OS error thrown when two bonds use the same member
* T4226: VRRP transition-script does not work for groups name which contains -(minus) sign
* T4203: Reconfigure DHCP client interface causes brief outages
* T4196: DHCP server client-prefix-length parameter results in non-functional leases
* T4191: Lost access to host after VRF re-creating
* T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses
* T4183: IPv6 link-local address not accepted as wireguard peer
* T4168: IPsec VPN is impossible to restart when DMVPN is configured
* T4165: Custom conntrack rules cannot be deleted
* T4154: Error add second gre tunnel with the same source interface
* T4152: NHRP shortcut-target holding-time does not work
* T4142: Input ifbX interfaces not displayed in op-mode
* T4141: Set high-availability vrrp sync-group without members error
* T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0
* T4104: RAID1: "add raid md0 member sda1" does not restore boot sector
* T4101: commit-archive: Use of uninitialized value $source_address in concatenation
* T4093: SNMPv3 snmpd.conf generation bug
* T4092: IKEv2 mobike commit failed with DMVPN nhrp
* T4087: IPsec IKE-group proposals limit of 10 pieces
* T4081: VRRP health-check script stops working when setting up a sync group
* T4002: firewall group network-group long names restriction incorrect behavior
* T3924: VRRP stops working with VRF
* T3914: VRRP rfc3768-compatibility doesn't work with unicast peers
* T3686: Bridging OpenVPN tap with no local-address breaks
* T3380: "show vpn ike sa" does not display IPv6 peers
* T2922: The `vpn ipsec logging log-modes` miss the IPSec daemons state check
**Other resolved issues**
* T4476: Next steps after installation is not communicated properly to new users
* T4255: Unexpected print of dict bridge on delete
* T4227: Typo in help completion of hello-time option of bridge interface
**Security**
* T4204: Update Accel-PPP to a newer revision311: CVE-2021-4034: local privilege escalation in PolKit
* T4310: CVE-2022-0778: infinite loop in OpenSSL certificate parsing
* T4311: CVE-2021-4034: local privilege escalation in PolKit
**Configuration syntax changes (automatically migrated)**
* T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID204: Update Accel-PPP to a newer revision
* T4273: ssh: Upgrade from 1.2.X to 1.3.0 breaks config
**New features and improvements**
* T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID* T4261: MACsec: add DHCP client support
* T2400: OpenVPN: dont restart server if no need* T4128: keepalived: Upgrade package to add VRF support
* T2764: Increase maximum number of NAT rules* T4120: [VXLAN] add ability to set multiple unicast-remotes
* T3164: console-server ssh does not work with RADIUS PAM auth* T4100: Firewall increase maximum number of rules
* T3299: Allow the web proxy service to listen on all IP addresses* T4055: Add VRF support for HTTP(S) API service
* T3872: Add configurable telegraf monitoring service
* T3854: Missing op-mode commands for conntrack-sync
* T3872: Add configurable telegraf monitoring service299: Allow the web proxy service to listen on all IP addresses
* T4055: Add VRF support for HTTP(S) API service* T3164: console-server ssh does not work with RADIUS PAM auth
* T4100: Firewall i* T2764: Increase maximum number of NAT rules
* T4120: [VXLAN] add ability to set multiple unicast-remotes* T2400: OpenVPN: dont restart server if no need
* T4128: keepalived: Upgrade package to add VRF support* T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID
* T4261: MACsec: add DHCP client support
**Bug fixes**
* T2922: The `vpn ipsec logging log-modes` miss the IPSec daemons state check* T4377: generate tech-support archive includes previous archives
* T3380: "show vpn ike sa" does not display IPv6 peers* T4297: Interface configuration saving fails for ice/iavf based interfaces because they can't change speed/duplex settings
* T3686: Bridging OpenVPN tap with no local-address breaks* T4273: ssh: Upgrade from 1.2.X to 1.3.0 breaks config
* T3914: VRRP rfc3768-compatibility doesn't work with unicast peers* T4267: Error - Missing required "ip key" parameter
* T3924: VRRP stops working with VRF* T4264: vxlan: interface is destroyed and rebuild on description change
* T4002: firewall group network-group long names restriction incorrect behavior263: vyos.util.leaf_node_changed() dos not honor valueLess nodes
* T4081: VRRP health-check script stops working when setting up a sync group259: The conntrackd daemon can be started wrongly
* T4087: IPsec IKE-group proposals limit of 10 pieces
* T4092: IKEv2 mobike commit failed with DMVPN nhrp258: [DHCP-SERVER] error parameter on Failover
* T4093: SNMPv3 snmpd.conf generation bug242: ethernet speed/duplex can never be switched back to auto/auto
* T4101: commit-archive: Use of uninitialized value $source_address in concatenation241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus
* T4104: RAID1: "240: Cannot add raid md0 member sda1" does not restore boot sectorwlan0 to bridge via configure
* T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as237: Conntrack-sync error - error adding listen-address %eth0command
* T4141: Set high-availability vrrp sync-group without members error234: Show firewall partly broken in 1.3.x
* T4142: Input ifbX interfaces not displayed in op-mode233: ssh: sync regex for allow/deny usernames to "system login"
* T4152: NHRP shortcut-target holding-time does not work228: bond: OS error thrown when two bonds use the same member
* T4154: Error add second gre tunnel with the same source interface226: VRRP transition-script does not work for groups name which contains -(minus) sign
* T4165: Custom conntrack rules cannot be deleted203: Reconfigure DHCP client interface causes brief outages
* T4168: IPsec VPN is impossible to restart when DMVPN is configured96: DHCP server client-prefix-length parameter results in non-functional leases
* T4183: IPv6 link-local addr91: Lost access not accepted as wireguard peerto host after VRF re-creating
* T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses
* T4191: Lost acc83: IPv6 link-local address to host after VRF re-creatingnot accepted as wireguard peer
* T4196: DHCP server client-prefix-length parameter results in non-functional leases68: IPsec VPN is impossible to restart when DMVPN is configured
* T4203: Reconfigure DHCP client interface causes brief outages165: Custom conntrack rules cannot be deleted
* T4226: VRRP transition-script does not work for groups name which contains -(minus) sign154: Error add second gre tunnel with the same source interface
* T4228: bond: OS error thrown when two bonds use the same member152: NHRP shortcut-target holding-time does not work
* T4233: ssh: sync regex for allow/deny usernames to "system login"142: Input ifbX interfaces not displayed in op-mode
* T4234: Show firewall partly broken in 1.3.x141: Set high-availability vrrp sync-group without members error
* T4237: Conntrack-sync error - error adding110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address command%eth0
* T4240: Cannot 104: RAID1: "add wlan0 to bridge via configureraid md0 member sda1" does not restore boot sector
* T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus101: commit-archive: Use of uninitialized value $source_address in concatenation
* T4242: ethernet speed/duplex can never be switched back to auto/auto093: SNMPv3 snmpd.conf generation bug
* T4258: [DHCP-SERVER] error parameter on Failover092: IKEv2 mobike commit failed with DMVPN nhrp
* T4259: The conntrackd daemon can be started wrongly087: IPsec IKE-group proposals limit of 10 pieces
* T4081: VRRP health-check script stops working when setting up a sync group
* T4263: vyos.util.leaf_node_changed() dos not honor valueLess nodes002: firewall group network-group long names restriction incorrect behavior
* T4264: vxlan: interface is destroyed and rebuild on description change* T3924: VRRP stops working with VRF
* T4267: Error - Missing required "ip key" parameter* T3914: VRRP rfc3768-compatibility doesn't work with unicast peers
* T4273: ssh: Upgrade from 1.2.X to 1.3.0 breaks config* T3686: Bridging OpenVPN tap with no local-address breaks
* T4297: Interface configuration saving fails for ice/iavf based interfaces because they can't change speed/duplex settings* T3380: "show vpn ike sa" does not display IPv6 peers
* T4377: generate tech-support archive includes previous archives
* T2922: The `vpn ipsec logging log-modes` miss the IPSec daemons state check
**Other resolved issues**
* T4227: Typo in help comple476: Next steps after installation of hello-time option of bridge interfaceis not communicated properly to new users
* T4255: Unexpected print of dict bridge on delete
* T4227: Typo in help completion of hello-time option of bridge interface