Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Defects

The defects that have been resolved in this release are detailed in this section.

Security vulnerabilities

Security issues have been resolved in this release.

| Key | Summary |
| --- | --- |
| CVE-2018-6797, CVE-2018-6798, CVE-2018-6913 | Debian DSA-4172-1 : perl - security update (VRVDR-41512) |
| CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122 | Debian DSA-4136-1 : curl - security update (VRVDR-41137) |
| CVE-2018-7738 | Debian DSA-4134-1 : util-linux - security update (VRVDR-41096) |
| CVE-2018-6459 | Strongswan 5.6.x: denial-of-service vulnerability in the parser for RSASSA-PSS signatures (VRVDR-40821) |
| CVE-2017-10790, CVE-2018-6003 | Debian DSA-4106-1 : libtasn1-6 - security update (VRVDR-40555) |
| CVE-2018-5334, CVE-2018-5335, CVE-2018-5336 | Debian DSA-4101-1 : wireshark - security update (VRVDR-40398) |
| CVE-2018-1000005, CVE-2018-1000007 | Debian DSA-4098-1 : curl - security update (VRVDR-40327) |
| CVE-2017-3145 | Debian DSA-4089-1 : bind9 - security update (VRVDR-40087) |
| CVE-2017-5753 | Debian DSA-4187-1, DSA-4188-1: Spectre aka. variant #1: (VRVDR-39909) |
| CVE-2017-5754 | Debian DSA-4078-1 : linux - security update (Meltdown) (VRVDR-39891) |
| CVE-2018-5146 | Debian DSA 4140-1: libvorbis security update (VRVDR-41172) |
| CVE-2018-1064, CVE-2018-5748, CVE-2018-6764 | Debian DSA 4137-1: libvirt security update (VRVDR-41139) |
| CVE-2017-3144, CVE-2018-5732, CVE-2018-5733 | Debian DSA 4133-1: isc-dhcp security update (VRVDR-41041) |
| CVE-2018-7540, CVE-2018-7541, CVE-2018-7542 | Debian DSA 4131-1: xen security update (VRVDR-40991) |
| CVE-2017-14632, CVE-2017-14633 | Debian DSA 4113-1: libvorbis security update (VRVDR-40783) |
| CVE-2017-17563, CVE-2017-17564, CVE-2017-17565, CVE-2017-17566 | Debian DSA 4112-1: xen security update (VRVDR-40782) |

Resolved issues

Customer issues have been resolved in this release.

| Component | Key | Summary |
| --- | --- | --- |
| System | VRVDR-41594 | Fails to create disk partition |
| Dataplane | VRVDR-41568 | Packet capture on dp0px only captures egress on port |
| Switch - Marvell | VRVDR-41564 | New Silicom PLCC-B devices fail to recognize the new switchports |
| Installer | VRVDR-41515 | Fresh install using install image encountered disk label error |
| Installer | VRVDR-41387 | Permissions and group ownership mismatch between LiveCD and installed image for /var/lib/libvirt/images/ |
| GRE | VRVDR-41266 | Static route leaking to VRF does not transit traffic across mGRE tunnel after reboot |
| Firewall | VRVDR-41252 | With unbound VTI in zone-policy, drop rule is bypassed depending on commit order of zone rules. |
| Interfaces | VRVDR-41225 | When configuring interface description, every white space is treated as a new line |
| BGP | VRVDR-41088 | Extended (4 byte) ASN not represented internally as unsigned type |
| Bridging | VRVDR-40988 | vhost not starting when vSRX image is used with certain number of interfaces |
| IPsec/VPN | VRVDR-40967 | disabling IPv6 forwarding prevents routing of vti sourced IPv4 packets |
| Dataplane | VRVDR-40940 | dataplane crash related to NAT/Firewall |
| ALG | VRVDR-40927 | DNAT: SDP in SIP 200 OK not translated when it follows a 183 Response |
| SNMP | VRVDR-40920 | With 127.0.0.1 as listen-address snmpd does not start |
| Firewall | VRVDR-40886 | Combining icmp name <value> with a number of other configuration for the rule will cause FW to not load |
| IPsec/VPN | VRVDR-40858 | VTI interface showing MTU 1428 causing TCP PMTU issues |
| Bridging | VRVDR-40857 | vhost-bridge does not come up for tagged vlan with interface names of a certain length. |
| IPsec/VPN | VRVDR-40644 | IKEv1: QUICK_MODE re-transmits are not handled correctly |
| Bonding | VRVDR-40497 | ARP doesn't work over bonded SR-IOV interface |
| System | VRVDR-40328 | cloud-init images takes a long time to boot |
| Installer | VRVDR-40281 | After upgrading from 5.2 to more recent version error -vbash: show: command not found in operation mode |
| NAT | VRVDR-40211 | delete session-table source <IP-address:port> and delete session-table destination <IP-address:port> do not work on 17.2.0 |
| NAT | VRVDR-40210 | NAT ICMP error handling for checksum disabled UDP is wrong |
| IPsec/VPN | VRVDR-40085 | PB-IPsec is not working when pinging between loopback interfaces on the Vyatta NOS themselves. |
| Firewall | VRVDR-39991 | Stateful firewall drops packets between 2 subnets on the same interface |
| Dataplane | VRVDR-39985 | TCP DF Packets larger than GRE tunnel MTU are dropped with no ICMP fragmentation needed returned |
| Interfaces | VRVDR-39920 | vhost interfaces for vcsr stay link down |
| Firewall | VRVDR-39865 | non-unique ICMP states for pings between Windows hosts |
| GRE | VRVDR-39863 | VRRP fails over when customer removes routing-instance with GRE associated and tunnel local-address is part of VRRP |
| QinQ | VRVDR-39860 | Commit doesn't complete and Rollback doesn't complete properly |
| Firewall | VRVDR-39772 | The show log and show log firewall name <FW-RULE> command no longer displays firewall logs |
| Bonding | VRVDR-39750 | The show interface dataplane <bond-vif> CLI shows interface statistics but is not a tab completion option under show interface dataplane |
| NAT | VRVDR-39729 | dataplane crashes when NAT resource group address has /31 mask |
| DHCP | VRVDR-39529 | DHCP server failover is not synchronizing databases |
| QoS | VRVDR-39396 | QOS Shaping Granularity leads to less throughput than expected at certain packet sizes |
| Bonding | VRVDR-38801 | multi-segment packet received via IPSec VTI causes bond interface to go down |
| RA_VPN | VRVDR-36378 | Client behind NAT is unable to connect to L2TP server |

Known issues

The known issues in this release have been identified.

| Component | Key | Summary |
| --- | --- | --- |
| Interfaces | VRVDR-41732 | Issuing command delete interfaces dataplane dp0p3 results in multiple errors during commit |
| Dataplane | VRVDR-41664 | dataplane drops MTU sized ESP packets |
| Dataplane | VRVDR-41588 | vhost is dropping packets and showing Errors |
| System | VRVDR-41577 | Can't determine if commit was successful or not???? |
| Dataplane | VRVDR-41569 | Can't get vhost1 interface to work with vSRX |
| Interfaces | VRVDR-41558 | The reported timestamps in packet traces are not consistent with the actual time and system clock |
| IPsec/VPN | VRVDR-41233 | Show VPN commands do not work (just hangs). |
| OpenStack | VRVDR-41213 | No external connectivity deploying a new Vyatta 17.2 on KVM/Mirantis Openstack using SRIOV |
| OpenVPN | VRVDR-40614 | OpenVPN interface disappears from routing instance after reboot |
| VRRP | VRVDR-39710 | When rfc-compatibility is enabled in a VRRP instance, Vyatta does not respond to ICMP requests |
| Dataplane | VRVDR-35474 | Transient packet drops observed during link up and on bgp convergence test |
| BGP | VRVDR-34995 | BGP Multipath for Inter-VRF Leaked Routes |
| IPsec/VPN | VRVDR-34842 | DMVPN: Spoke receives INVALID_ID_INFORMATION after changing logging configuration on Hub |
| BGP | VRVDR-34097 | ibgp double recursive lookup uses first nh rather than second nh for path selection, thereby breaking best exit |
| L2TP | VRVDR-32770 | Fragmented packets over L2tpv3 are misordered |
| Logging | VRVDR-32588 | CLI should provide more information about syslog facilities |
| OSPF | VRVDR-32155 | OSPF TE Database not populated when opaque-lsa is disabled then re-enabled |
| Hypervisor | VRVDR-31751 | Console of guest VM is inactive |
| DMVPN | VRVDR-29153 | show vpn ipsec sa displays a bogus peer with IP address 0.0.0.0 |