Limitations, restrictions or behavior changes
Security improvements have been made in this release, however some limitations still exist.
IPsec RA VPN server Virtual-Feature-Point interfaces are only supported in a default routing-instance
Deprecation of TACACS+ local-user-name authorization argument. The local-user-name authorization argument allows TACACS+ to login as an already configured local user. Alternatively, Vyatta also supports on-the-fly creation of a local user during the login process for TACACS+ users. This is done when local-user-name is not present in the session authorization reply. Support for this feature will be removed in the next Vyatta release at which time presence of the local-user-name argument in authorization replies will cause an authorization failure.
While the OS does support IKEv1, we strongly recommend that IKEv2 is used to avoid security vulnerabilities associated with IKEv1, such as reflector and Amplifier DoS attacks.
In AWS, legacy Xen instance types will not work. The feature adds support for the modern nitro (KVM) instance types only - please use those.