This section details the features updated with this release.
Modified features – local user authentication
The Vyatta NOS no longer supports local users having the same username as a user configured in a remote user database (for example, TACACS+ server).
Such configurations are no longer guaranteed to work.
Modified features – BASH shell behaviour change
The Bash shell in the Vyatta NOS now has a default HISTCONTROL value of ignoreboth which enables new shell history behavior.
- If the shell line being executed matches the latest history entry it is no longer recorded
- Shell lines prefixed with a space character are not recorded in the shell history
With this new behaviour, when a user enters a command they do not wish to be recorded in their shell history, perhaps because the command contains sensitive information such as passphrases, they may prefix the command with a space.
Currently, the Vyatta NOS also specifies a HISTIGNORE value which automatically suppresses lines which contain password, -secret, or the pattern ????-????-????-???? (where ? represents a single character) from the history. This default HISTIGNORE value will be removed in a future release and such lines will no longer be automatically suppressed from shell history.
A range of features have been deprecated or removed from this release.
- Qosmos DPI Engine - The Vyatta NOS has now removed support for the Qosmos DPI engine. Note this will impact the granularity of traffic flow analysis and any associated services relying on those such as Netflow.
- OpenVPN – Support for the OpenVPN, including the OpenVPN Remote Access VPN, has been deprecated and users are recommended to use the IPsec/IKEv2 based VPN features. This functionality will be removed in a future release.
- L2TP/IPsec RA VPN server - Support for the L2TP/IPsec Remote Access VPN server solution has been deprecated and users are recommended to use the IPsec/IKEv2 Remote Access VPN Client/Server solution instead. This functionality will be removed in a future release.
- IPsec/ESP IP Payload compression (IPcomp, RFC3173) has been deprecated and no longer available starting with this release.
- RADIUS system-user authentication has been deprecated and will be removed in a future release.
- VRRP: custom VRRP transition script usage is marked as deprecated and will be removed in a future release. Existing VRRP notify options should be used instead. Future releases will hold more fine-grain per-feature VRRP awareness.