VyOS 1.1.0-beta1 is available for download

VyOS 1.1.0-beta1 is now available for download from http://dev.packages.vyos.net/iso/preview/1.1.0-beta1/. Image naming is the same as for release images.

1.1.0-beta1 should be stable enough for non-critical applications, but it’s not ready for production and needs your testing. Please install it on your test VMs, load configs from production systems, try out new features, test mercilessly and tell us about any problems you find.

You can read the release notes preview at http://vyos.net/wiki/1.1.0/release_notes. You can also find the list of fixed bugs there.

In a nutshell: we removed the dependency on the kernel version of UnionFS, upgraded the kernel to 3.13, fixed a number of bugs and added several new features. The config backend now uses unionfs-fuse, the livecd union mount uses overlayfs.

New features are:

  • 802.3ad QinQ VLAN stacking
  • Unmanaged L2TPv3
  • Event handler
  • IGMP proxy (pulled from EdgeOS).
  • Dummy interfaces (same functionality as multiple loopbacks).

Also there are two new filters, “| commands” that converts the output of a conf mode “show” command to set commands, and “| strip-private” that removes private information from the config.

You can find links to the documentation drafts for these features at the release notes page as well.

What’s next

If everything goes well and 1.1.0 displays good stability, the next release cycle will be shorter and it will be dedicated to adding features we can add to the existing codebase.

If not, we will polish 1.1.0 first, and then start working on new features.

At the same time I’m already working on the new backend and new system architecture that will solve the long-standing problems of the current VC/VyOS, such as the lack of a programmer-friendly config access API. Everyone is invited to join this work!

Contributors

I’d like to say thanks to everyone who participated in 1.1.0 development and made this possible: Kim Hagen, Yuyua Kusakabe, Hiroyuki Sato, Toni Cunyat, hydrajump, Alex Harpin, Ewald van Geffen, Trick van Staveren, Jeff Leung, Paweł Pierścionek, Florian Fuessl, Ivan Malyarchuk, Abdelouahed Haitoute, Ryan Riske, Stig Thormodsrud and An-Cheng Huang from Ubiquiti Networks, Paul Gear, neutralrockets, ftoyama (hope I didn’t forget anyone).

New mirror in the US

New mirror in the US (Maine): http://mirrors.maine.edu/vyos. Thanks to the University of Maine and Ray Soucy!

Maintenance complete

www.vyos.net, bugzilla.vyos.net, and forum.vyos.net were moved to the new server and should work as expected now. If you experience any problems, please let us know.

Maintenance notification: vyos.net, forum.vyos.net, bugzilla.vyos.net at 17:00 UTC

What and how long

www.vyos.net, forum.vyos.net, and bugzilla.vyos.net will be unavailable for up to 3 hours.

When

Jul 09th, 17:00-20:00 UTC

Why

Finishing the migration to new infrastructure.

How

At 17:00 UTC websites will be put in maintenance mode to maintain data consistency. You will not be able to post new content and may be unable to access existing content.

After that we will move the data to the new server, check installation, and switch DNS records, and website operations will be restored.

TTL for the records is set to 15 minutes now; if you experience problems with it, try flushing your DNS cache.

Build scripts use development repos by default now

We’ve made a change in the ISO build scripts so they use the development repos, dev.packages.vyos.net, as package source by default. The development repos are automatically populated by the CI server, so you always get the most recent packages.

This change only affects the helium branch; hydrogen stays untouched. We will modify the “--with-release-build” behaviour to use the release repos later; since helium doesn’t have a release version yet, that’s not a problem.

Note that release and development repos use different GPG keys, so when you build a development ISO, you will be asked whether you trust the key, same with installing release packages on development builds and vice versa. This is to prevent accidental installation of unstable development packages on production systems.

New nightly builds location and CI server

Thanks to Kim Hagen, we now have a continuous integration server (Jenkins-based): http://ci.vyos.net.

You can track build status there if you want.

Nightly builds are now stored at http://dev.packages.vyos.net/iso

Survey report

The survey is now closed and it’s time to summarize the results. The overall picture didn’t change much from the first days, so I think this data is pretty representative.


CVE-2014-4607

There is a recently discovered vulnerability in the LZO implementation.

The only network-available VyOS components (to my knowledge) where it’s used are IPsec and OpenVPN, which use it for data compression. Compression is performed before encryption, so this is probably not exploitable for a man in the middle. If you are dealing with an untrusted remote side of the VPN, it’s probably better to turn compression off.

We will look into providing a hotfix for it for 1.0.4
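
To find where compression is currently enabled for the two components named in the post above, the set-style configuration can be filtered as in this added example (not part of the original post or of VyOS itself). It assumes the input is the output of "show configuration commands", that IPsec compression appears as "esp-group <name> compression enable", and that OpenVPN LZO is passed as a comp-lzo directive through "openvpn-option"; the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: list VPN compression settings in a VyOS set-style config.
# Assumption: input is "show configuration commands" output, one command per line.

find_vpn_compression() {
    # Reads set commands on stdin; prints the ones that turn compression on.
    awk '
        # IPsec: compression enabled on an ESP group.
        /^set vpn ipsec esp-group [^ ]+ compression / && /enable/ {
            print "ipsec: " $0
            next
        }
        # OpenVPN: comp-lzo passed as a raw option; "comp-lzo no" disables it.
        /^set interfaces openvpn [^ ]+ openvpn-option / && /comp-lzo/ && !/comp-lzo no/ {
            print "openvpn: " $0
        }
    '
}

# Constructed sample configuration (interface and group names are made up).
sample_config() {
cat <<'EOF'
set interfaces openvpn vtun0 mode 'site-to-site'
set interfaces openvpn vtun0 openvpn-option '--comp-lzo'
set interfaces openvpn vtun1 openvpn-option '--comp-lzo no'
set vpn ipsec esp-group ESP-A compression 'enable'
set vpn ipsec esp-group ESP-B compression 'disable'
EOF
}

# Stand-alone run on the sample; on a router, pipe the real config in instead.
sample_config | find_vpn_compression
```

Each reported line is a tunnel or ESP group to review if its remote side is not trusted.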