These release notes document changes in VC5.0.2 relative to VC4.1.4.
* New in This Release
* Behavior Changes
* Documentation Changes
* Upgrade Notes
* Resolved Issues
* Known Issues
There are no security announcements in this release.
New in This Release
* Web GUI Functionality. This release introduces the first phase of a redesigned
web GUI interface for interacting with the Vyatta system. In this initial phase,
the GUI simply reflects visually the structure of the CLI, and the command
hierarchy in the GUI follows the basic CLI configuration structure. Supported
web browsers are Firefox 3 and Microsoft Internet Explorer 7. The GUI is turned
off by default, for security reasons, and must be enabled through the CLI. For
more information about using the web GUI, please see the Vyatta System Quick
* OpenVPN. Previous releases of the Vyatta system supported IPsec site-to-site
Virtual Private Network (VPN) and remote access IPsec and Point-to-Point
Tunneling Protocol (PPTP) VPN. This release adds support for OpenVPN.
OpenVPN is an open-source VPN solution that provides both site-to-site and
remote access modes of operation. OpenVPN implements its own
communication protocol, which is transported on top of UDP or TCP, to provide
a secure "tunnel" for VPN traffic. OpenVPN can more easily handle NAT than
other VPN protocols and may be a better choice for environments with NAT
between two endpoints, where the endpoints can both run Vyatta (or OpenVPN
on Linux). OpenVPN commands are described in the Vyatta VPN Reference
* Intrusion Protection System and Traffic Filtering. This release implements
support for intrusion protection system (IPS) and traffic filtering based on
inspection of traffic content. Using Snort and its signature database, the Vyatta
system detects intrusion attempts by using signature-based and network-based
detection mechanisms. In addition, the Vyatta system can prevent malicious behavior
by dropping packets that are associated with a detected attack.
Commands for IPS and Traffic filtering are described in the Vyatta Security
* URL Filtering. The Vyatta system can be now configured to act as a web proxy
server for URL filtering. Before allowing an HTTP request to proceed, the
filtering functionality first determines whether the requested URL belongs to a
category that the administrative user has configured for blocking. If the URL has
been configured for blocking, the filtering function returns an error page to the
user. Commands for URL filtering are described in the Vyatta Security Reference
* Web Caching. The Vyatta system can now be configured to act as a web proxy
server for web caching and URL filtering. A client can request a web page from
the Vyatta system, which connects to the web server and requests the page on
the client’s behalf. The Vyatta system caches the response; if the page is
requested again it can be served directly from the cache, saving the time and
bandwidth required for transacting with the web server. Web caching
commands are described in the Vyatta IP Services Reference Guide.
* DNS Forwarding. The Vyatta system now includes support for DNS forwarding
(also called DNS relay). This feature allows DNS to be used in environments
where the IP address of the DNS server is subject to change—for example,
because the IP address of the DNS server is assigned through DHCP by an
Internet Service Provide (ISP). When DNS forwarding is used, the client router
offers its own client-side IP address (which is static) as the DNS server address to
the hosts on its network, so that all client DNS requests are made to the client
router’s client-side address. When DNS requests are made, the client router
forwards them to the ISP DNS server; answers are directed back to the client
router and forwarded through to the client hosts. DNS forwarding commands
are described in the Vyatta IP Services Reference Guide.
* Dynamic DNS. This release introduces support for Dynamic DNS. Dynamic DNS
(DDNS) allows network endpoints whose IP addresses are assigned dynamically
(for example, through DHCP) to participate in the Domain Name System (DNS).
Devices using dynamic DNS can notify a domain name server in real time of
changes to host name, IP address, or other DNS-related information. This
feature is particularly useful for systems where a dynamic IP address is provided
by the Internet Service Provider (ISP). Whenever the IP address changes, the
Vyatta system updates a DDNS service provider with the change. The DDNS
provider is responsible for propagating this change to other DNS servers. The
Vyatta system supports a number of DDNS providers. Commands for configuring
DDNS are described in the Vyatta IP Services Reference Guide.
* Enhanced VMware support. Starting in this release, Vyatta includes the open-
vm-tools library to provide enhanced performance in VMware environments.
The appropriate accelerated drivers are automatically loaded on startup, with
the exception of the accelerated network driver. To use the accelerated driver,
edit your VMware vmx configuration file and set the device type for your
Ethernet cards, by adding a line similar to the following for each Ethernet
ethernet0.virtualdev = "vmxnet"
Add similar lines for ethernet1, ethernet2, etc. To verify that the vmxnet driver
has loaded correctly, boot Vyatta and execute the following operational mode
show interfaces ethernet eth0 physical
Verify that the “driver” field in the output displays “vmxnet.” Do the same for
all other interfaces (eth1, eth2, etc.).
* Support for RFC 2684 (formerly RFC 1483) Bridged Ethernet over ADSL.
Previous versions of the Vyatta system supported Classical IP over ATM, PPPoE,
and PPPoA. This version adds support for RFC 1483 bridged Ethernet
encapsulation over ADSL. Bridged Ethernet support is described in the Vyatta
Encapsulation and Tunnels Reference Guide.
* Support for Synchronous Serial Cards. The Vyatta system now supports
Sangoma A142 two-port and the A144 four-port synchronous serial WAN
network interface cards (NICs). The A142 and A144 provide connectivity using
the V.35, X.21, RS-422, or EIA530 physical interface standards. Commands for
configuring synchronous serial cards are described in the Vyatta WAN Interface
* Serial Loopback Commands. This release includes new commands for serial
loopbacks for isolating problems on serial lines. The exact loopbacks available
depend on the type of card and the chipset used by the card. The Vyatta system
auto-detects the chipset and the CLI command completion mechanism displays
all the options, and only the options, supported by the chipset on your card.
Serial loopback commands are described in the Vyatta WAN Interface Reference
* RAID-1. This release introduces support for RAID 1 operation. A Redundant
Array of Independent Disks (RAID) uses two or more hard disk drives to improve
disk speed, store more data, and/or provide fault tolerance. RAID can be
implemented using special hardware or it can be implemented in software. The
Vyatta system supports a software “RAID 1” deployment on two disks. This
deployment allows two disks to mirror one another to provide system fault
tolerance. Every sector of one disk is duplicated onto every sector of all disks in
the array. Provided even one disk in the RAID 1 array is operational, the system
continues to run, even through disk replacement (provided that the hardware
supports in-service replacement of drives). RAID 1 can be used to reduce or
eliminate downtime associated with disk failure without having to resort to
flash-based, solid-state storage, which is often lower performance, lower
density, and more expensive. RAID 1 is configured during installation.
Commands for setting up RAID 1 are described in the Vyatta High Availability
* Experimental Support for Ethernet Link Bonding. Multiple physical Ethernet
links can now be bundled to create a larger virtual Ethernet link. Bundling
Ethernet links increases performance between two devices without requiring an
expensive higher-speed physical link. It also provides redundancy, since the
bundle retains connectivity if an individual link fails. Commands for configuring
Ethernet link bonding are described in the Vyatta LAN Interface Reference
* Experimental Support for Wireless Modem. This release of the Vyatta system
implements experimental support for USB wireless modems (e.g. providing
connectivity to 3G networks). Currently, wireless modem support has been
tested against a Sierra Wireless USB Connect 881 modem and a UT Starcom
(Pantech) 3G modem. Wireless modem support can provide backup connectivity
or primary connectivity to remote devices. Commands for wireless modem
support are described in the Vyatta WAN Interfaces Reference Guide.
* Experimental Support for IPv6. Experimental support for IP version 6 (IPv6) has
been added in this release. IPv6 versions of configuration commands have been
added for BGP, RIP next generation (RIPng), and static routes. IPv6 versions of
operational commands have been added for RIPng, Neighbor Discovery, ping,
and showing routes. Support for IPv6 is documented in a special stand-alone
chapter, “IPv6.” IPv6 is not yet supported for firewall, VPN, and other high-level
services. IPv6 compatibility with these features will be added in following
This release removes support for antivirus functionality. It has come to Vyatta’s
attention that this functionality may be covered by one or more patents worldwide.
We are currently investigating this issue and will reintroduce this functionality at a
later date if possible.
There is also a change to the minimum size required for a root partition. Previously,
the minimum root partition size was 450MB. This minimum requirement has been
increased to 1000MB. Vyatta recommends using a minimum of 2000MB to provide
room for package upgrades.
* Redesigned Technical Library. The Vyatta Command Reference and
Configuration Guide, which had grown very large, have been reorganized into a
library of smaller, targeted guides. Each guide contains all command reference
and configuration information for the feature. The new technical library is fully
described in the Guide to Vyatta Documentation, new in this release and
* New Overview Guides. This release introduces two new guides to the Vyatta
1. Guide to Vyatta Documentation. This guide provides an overview of Vyatta
product documentation. It includes a graphical "map" of the documentation
set and briefly describes each guide. This guide expands and replaces the
Vyatta Documentation Roadmap.
2. Vyatta System Installation and Upgrade Guide. This guide explains how to
deploy and upgrade Vyatta software. The upgrade information in this guide
replaces the upgrade information previously found in the Vyatta System
Quick Start Guide.
* Cross-Document PDF Search. This release introduces the ability to use PDF
search across all documents in the software document set. To use cross-
document PDF search, extract the set of zipped files into the same folder as the
PDF documents you want to be able to search. Double-click the PDX file and
enter your search string in the search bar.
* Web GUI Documentation. To support the first phase of web GUI functionality,
the Vyatta Quick Start Guide has been expanded with a new chapter introducing
you to the web GUI interface.
For detailed information about upgrading Vyatta software, please see the Vyatta
System Installation and Upgrade Guide.