VyOS 1.0.2 in Amazon Web Services Marketplace

VyOS AMI is now available from the AWS marketplace.

This one is a 64-bit HVM AMI based on hydrajump’s work. I’m planning to add a PV AMI based on trickv’s work in the future too.

VyOS on Facebook

https://www.facebook.com/vyosofficial

Yuriy Andamasov, on of the earliest VyOS adopters, created a Facebook group. Active Facebook users may find it interesting.

CVE-2014-0160

VyOS 1.0.x uses OpenSSL 0.9.8o, and thus is not affected by CVE-2014-0160. No action is needed.

VyOS Japan user group

VyOS users from Japan have founded the first VyOS user group in the world. Group coordinator Yuya Kusakabe (who contributed L2TPv3 CLI lately) will announce it at Japan Vyatta Users group meeting tomorrow.

Group resources:

VyOS Subscription Edition was a joke

April Fools Day is almost over in the western hemisphere, so in case anyone took VyOS Subscription Edition seriously, it was a joke.

We may introduce commercial support and professional services in the future, but the software will always stay free and unified.

Introducing VyOS Subscription Edition

The free community VyOS software is an open source network operating system providing advanced IPv4 and IPv6 routing, stateful firewalling, IPSec and SSL OpenVPN, and more.

When you add VyOS to a standard x86 hardware system, you can create an enterprise grade network appliance that easily scales from DSL to 10Gbps. VyOS is also optimized to run in VMware, Citrix XenServer, Xen, KVM, and Hyper V, providing networking and security services to virtual machines and cloud computing environments. VyOS has been downloaded over 10,000 times, has a community of thousands of registered users and counts a few fortune 500 businesses among its users.

We are proud to annouce a commercial version of the VyOS network OS (VyOS Subscription Edition) is also available with enterprise-ready management and security product extensions and complete engineering support including proactive notifications of security alerts and software releases as well as priority access to patches & bug fixes.

As a gesture to this new service, get a subscription for a year today for the introduction price of $100. Email to to order yours today!

CLI configuration templates documentation draft

VyOS command line interface is defined in so called “templates”. Until now people had to learn template syntax from the source code of existing packages. To make it easier to start modifying or adding commands, I wrote a template syntax reference (or rather a draft of it): http://vyos.net/wiki/Configuration_mode_templates.

Let me know what you think, what parts can be improved etc.

GNUTLS-SA-2014-2

In a nutshell: nothing really uses it in VyOS so we think it’s not enough to trigger maintenance release.

http://www.gnutls.org/security.html#GNUTLS-SA-2014-2 is the thing everyone is now talking about, so I probably shouldn’t keep silence too.

From what we could find, the only things in VyOS that use GnuTLS are SSMTP and apt-transport-https.

SSMTP is a mail transport agent that’s installed for dependencies and isn’t actually uses by anything. APT doesn’t rely on transport confidentiality and authenticity and uses digital signatures instead. Also, no known exploits exist, so we think this is low risk in our case.

We will update it for the next release anyway, but we don’t think it’s enough to trigger a maintenance release. Let me know if I missed anything and you think otherwise.

Helium is fully buildable

Helium, the branch that will become the next major release, is now buildable for both i386 and amd64. Nightly builds are operational too, you can get latest images from http://builds.vyos.net/iso/development/helium/.

Release is planned for May or June. The roadmap is not yet set in stone, so it’s open for your suggestions and patches.

Helium will be based on squeeze. To avoid unexpected release delays due to fragile code incompatibilities with new userland, we will squeeze the last bit out of squeeze while it’s still supported and refactor the fragile parts.

bugzilla maintenance complete

Bugzilla upgrade is complete, you can use it again. Let me know if you spot any problems.