I'm pleased to announce that VC4.1 (Hollywood) has been released to the stable repository.
Release background:
Hollywood is an incremental update to VC4. The primary goal for Hollywood is to fix a number of issues that we were unable to address before VC4 was released, or issues found since that time. Additionally, we wanted to include some new, experimental features (see below) so that we could get some community feedback on them prior to VC5.
VC4.1 has now been released to the stable repository. This version is suitable for all users.
New in this release:
The major new features in this release, since VC4.0, include:
- Experimental: Intrusion Detection and Prevention[/*:m]
- Experimental: Anti-virus[/*:m]
- Increased support for SNMP MIBs and traps.[/*:m]
- New 'copy' and 'rename' commands in configuration mode. These commands should make it far easier for people to manage large lists as part of the configuration. Firewall and NAT rules are the two obvious examples that have been most problematic in the past. You can find more detail about the commands in the enhancement request.[/*:m]
- BGP MD5 support has been added. See bug 2661 for more information.[/*:m]
- Support for the Sangoma S518 ASDL card including configuration mode CLI.[/*:m]
- Integrated drivers for the Sangoma A142 (dual-port) and A144 (quad-port) serial cards, providing X.21 and V.35 interfaces. Currently, only the drivers have been integrated. The CLI to configure the cards is not present and the cards must be configured directly in Linux.[/*:m]
- More than 240 issues resolved.[/*:m]
- New documentation. With VC4.1, we're releasing some additional documentation: a High Availability Reference and a Security Reference. These new guides combine some of the material that was formerly in the Command Reference and the older Configuration Guide, but then segment the material according to functional area. Over time, we'll be adding further functional areas (Routing, for instance). These new guides should be far more helpful for people looking for good configuration examples. Your feedback is always welcome in the Users Forum.[/*:m]
Some of these features are currently experimental (IPS and AV), meaning that they have had some amount of testing, but you are likely to discover issues. We encourage you to report your findings on these forums and to file bugs in Bugzilla appropriately. Our goal is to wring out these features for VC5.
You can download a full set of release notes on the Vyatta.org documentation page: http://www.vyatta.org/documentation
Note that this final version is basically identical to VC4.1, beta 3. If you're already running the beta 3 version, there is no need to upgrade.
How to install/update:
This release is only available as a package update; ISO images are not available. To install VC4.1, first install the VC4.0 ISO and then perform a package upgrade to VC4.1.
Full instructions for performing the update are given in the release notes, available on the documentation page. Please be aware that we have simplified (changed) the update procedure slightly from previous releases and so you should read the release notes.
[/]
Great!
Good news!
I have one question though, that has been on my mind for quite a few releases:
Would it be possible to make the documentation available to already registered users _without_ having to register again, and again, and again...?
If a user is registered, it should be enough to just give the credentials and get access.
There, got it off my chest..
Actually, that should be the case today. Today, once you register, it sets a cookie in your browser that should allow you to go through without re-registering. If you have disabled cookies or are deleting them all after you're done browsing, that's probably the issue. If you have cookies enabled and you're still being asked to reregister each time, send me a PM and we'll take a look at it. We're in agreement that re-re-re-re-registering is a PITA. Definitely not the behavior we want. :D
As an aside, the vyatta.org authentication mechanisms that handle the forums are not integrated with the rest of the registration system on vyatta.com. That's done because you don't have to register at vyatta.org in order to download documentation. I'd give a small bodypart for a widely-implemented, universal single-sign-on system. Yea, I know about OpenID. Unfortunately, it isn't yet widely implemented and there are some serious security concerns with it.
On Wed, Sep 24, 2008 at 10:19:37AM -0700, DaveRoberts wrote:
OpenLDAP?
or accounting with Radius :)
Yes, that's one option that we're considering. Without going into it deeply, there are issues there, too.
In general, every software system on the planet needs to authenticate users and they all do it completely differently. Vyatta is not a multi-billion-dollar company and yet I still have multiple unsynchronized username/passwords on about 10 different systems. :roll:
Is MS-Chapv2 supported on this release for Remote Access L2TP/IPSec VPN Radius authentication?
Also, what is the status of this security issue? Has it been fixed on this release? http://vyatta.org/forum/viewtopic.php?t=413
2finebxrs wrote:
Support for mschap-v2 has been added to the next release (Isla Vista), but it is not supported in the Hollywood release. For now, to allow mschap-v2, you could remove the "require chap = yes" line from "/opt/vyatta/share/perl5/VyattaL2TPConfig.pm" and then configure the VPN settings.
This issue has been addressed in the new "Security Reference Guide" for this release. Please take a look at the "Remote Access VPN Deployment Issues" in Chapter 4 for a discussion on this and other issues. Thanks!