Vyatta is pleased to announce the beta release of Vyatta Community Edition 3 (code named Dublin). Updated packages have been released to the Vyatta testing repository. This code is beta quality and is suitable for those wanting a preview of this release. We urge that everybody interested in eventually upgrading to the final edition of VC3 perform an upgrade on a non-critical system to this release. We appreciate all bug reports that anybody can provide, either directly to Bugzilla (bugzilla.vyatta.com) or to the vyatta-users mailing list.
UPGRADING ========= To upgrade, make sure your repository configuration includes the Testing repository, as described on the wiki: http://www.vyatta.com/twiki/bin/view/Community/HowToUpdate To update the community edition, issue the following commands from the bash prompt (root login): apt-get update apt-get -y install vc-base full-upgrade FILING BUGS =========== If you find a bug in this release, please file a bug on Bugzilla and/or report it to the vyatta-users mailing list. More information about the mailing lists and Bugzilla can be found here: http://www.vyatta.com/community/mailing.php http://www.vyatta.com/twiki/bin/view/Community/BugDatabase VERSION NUMBER ============== There was some confusion over this behavior during the last beta, so hopefully this section can address the behavior you'll see. Note that this is a beta release. Thus, when you type "show version" you will still see a previous version number (e.g. VC2.2). You can tell that you have upgraded when you perform a "show version all" command because there will be multiple packages flagged as being more recent than those of the base version you are running (e.g. VC2.2). In other words, think of this as a set of package upgrades which will be correctly reported when you invoke "show version all," but this is not yet a full upgrade of the base version. NEW IN THIS RELEASE =================== * Multilink Point-to-Point Protocol support. This release introduces support for multilink Point-to-Point Protocol (MLPPP) bundling as described in RFC 1990. MLPPP allows you to group PPP interfaces, typically on T1 or E1 lines into a single virtual link, resulting in greater performance than a single low-speed link but lower cost than a high-speed link. * IPsec VPN clustering. IPsec VPN can now be configured in a cluster. Clustering can be used as a failover mechanism to provide high availability for mission-critical services. The cluster monitors the nodes providing the IPsec VPN tunnel at a designated address. If the system detects that the node has failed, or that the link to the node has failed, the system migrates both the VPN tunnel and the IP addresses to a backup node. Failover is currently supported between two nodes: a primary node and a secondary node. * Enhanced serial interface support. Serial interface support has been improved in a number of ways. Additions include: * Ability to add a description to a serial link. * Authentication for PPP-encapsulated interfaces. Connections can be authenticated by password, user ID, or system name, and the PAP, CHAP, MS-CHAP, MS-CHAP v.2 and EAP authentication protocols are supported. * LCP echo support for PPP-encapsulated interfaces. * Configurable Maximum Transmission Unit (MTU) and Maximum Receive Unit (MRU) for T1- and E1-encapsulated interfaces. * Ability to specify external or internal clock for T1- and E1-encapsulated interfaces * Support for the Frame Relay t392 (polling verification timer) LMI signaling option. * Inverse ARP support on Frame Relay permanent virtual circuits (PVCs). * Additional options for the “show interfaces serial” command, including an option to provide trace-level logging or raw frames for a serial interface. * Redesigned the output of the “show interface serial” command to increase clarity and consistency. * Improvements to Firewall. Many improvements and enhancements have been added to firewall support in Release VC3: * Negated values can now be specified for the following fields: "protocol," source/destination "address," and source/destination "network." This allows exclusion of addresses and networks. For example, the rule “set firewall name TEST rule 1 source network !192.168.0.0/24” will match packets whose source address is NOT in the 192.168.0.0/24 network. * The “show firewall” command now displays information for all user-defined firewall rule sets. Previous releases allowed viewing only one firewall rule set at a time. * A description can now be configured for each firewall rule, such as "Allow inbound SSH traffic." * The “show firewall,” “show firewall <name>,” and “show firewall <name> rule <num>” commands now display the source ports and destination ports, if they have been set. * Each firewall rule can now support multiple source and destination “port-number” and “port-name” values within a single firewall rule. In addition, the “port-name” option now allows any port names defined in the file /etc/services. This ability was previously only available for NAT rules. * The "protocol" field for firewall rules now allows any protocol number or name listed in the file /etc/protocols. This ability was previously only available for NAT rules. * A firewall rule can now filter traffic by source MAC address using the “mac-address” option. The “mac-address” option also allows the negation operator, so that specific MAC addresses can be filtered. For example “set firewall name FW1 rule 10 source mac-address !01:02:03:AA:BB:CC” will match any packets whose source MAC address is NOT 01:02:03:AA:BB:CC * NAT address and network exclusion. Negated values can now be specified for the following fields: "protocol," source/destination "address," and source/destination "network." This allows, for example, VPN traffic to be excluded from NATting. For example, the rule “set service nat name TEST rule 1 source network !192.168.0.0/24” will match packets whose source address is NOT in the 192.168.0.0/24 network. * New filtering options for “show bgp” commands. A number of filtering options have been added to the “show bgp neighbor-routes” and “show bgp peers” commands. In addition, the output of these commands has been slightly redesigned for more clarity. * Ability to save support information to file. A “save” option has been added to the “show tech-support” command to allow system information to be saved in a user-specified file. * Auto-synchronization to package repository. The “auto-sync” option has been added to the “system package” configuration node. This option allows you to direct the system to update the repository cache at a defined interval, specified in days. * Ability to prevent the reboot on kernel panic. A “reboot-on panic” option has been added to the “system” statement to direct the system not to reboot if a kernel panic occurs. This allows you to inspect system information to determine what caused the panic. * Bug fixes. Over 100 issues have been resolved with Release VC3. A summary list of fixed bugs is provided in the release notes, available from the documentation download page: http://www.vyatta.com/documentation/index.php BEHAVIOR CHANGES ================ Release VC3 includes the following behavior changes: * The “service http” configuration option has been changed to “service webgui” to better reflect its function, which is to provide access to the Vyatta web GUI. * The default random number device for generating RSA signatures has been changed. In previous releases, the default random number device was /dev/urandom. Starting with Release VC3, the default random number device is /dev/random. The /dev/random device generates random numbers using system entropy, which is more secure, but slower, than /dev/urandom, which is a software-based random number generator. Be aware that generating random numbers using /dev/random may take a long time (30 to 60 minutes) as the Vyatta system generates little entropy. For more information, please see the product documentation about generating RSA keys for IPsec VPN. Enjoy! -- Dave _______________________________________________ Vyatta-users mailing list [email protected] http://mailman.vyatta.com/mailman/listinfo/vyatta-users
