Web GUI Functionality. This release introduces the first phase of a redesigned web GUI interface for interacting with the Vyatta system. In this initial phase, the GUI simply reflects visually the structure of the CLI, and the command hierarchy in the GUI follows the basic CLI configuration structure. Supported web browsers are Firefox 3 and Microsoft Internet Explorer 7. The GUI is turned off by default, for security reasons, and must be enabled through the CLI. For more information about using the web GUI, please see the Vyatta System Quick Start Guide.
OpenVPN. Previous releases of the Vyatta system supported IPsec site-to-site Virtual Private Network (VPN) and remote access IPsec and Point-to-Point Tunneling Protocol (PPTP) VPN. This release adds support for OpenVPN. OpenVPN is an open-source VPN solution that provides both site-to-site and remote access modes of operation. OpenVPN implements its own communication protocol, which is transported on top of UDP or TCP, to provide a secure “tunnel” for VPN traffic. OpenVPN can more easily handle NAT than other VPN protocols and may be a better choice for environments with NAT between two endpoints, where the endpoints can both run Vyatta (or OpenVPN on Linux). OpenVPN commands are described in the Vyatta VPN Reference Guide.
Intrusion Protection System and Traffic Filtering. This release implements support for intrusion protection system (IPS) and traffic filtering based on inspection of traffic content. Using Snort and its signature database, the Vyatta system detects intrusion attempts by using signature-based and network-based detection mechanisms. In addition, the Vyatta system can prevent malicious behavior by dropping packets that are associated with a detected attack. Commands for IPS and Traffic filtering are described in the Vyatta Security Reference Guide.
URL Filtering. The Vyatta system can now be configured to act as a web proxy server for URL filtering. Before allowing an HTTP request to proceed, the filtering functionality first determines whether the requested URL belongs to a category that the administrative user has configured for blocking. If the URL has been configured for blocking, the filtering function returns an error page to the user. Commands for URL filtering are described in the Vyatta Security Reference Guide.
Web Caching. The Vyatta system can now be configured to act as a web proxy server for web caching and URL filtering. A client can request a web page from the Vyatta system, which connects to the web server and requests the page on the client’s behalf. The Vyatta system caches the response; if the page is requested again it can be served directly from the cache, saving the time and bandwidth required for transacting with the web server. Web caching commands are described in the Vyatta IP Services Reference Guide.
DNS Forwarding. The Vyatta system now includes support for DNS forwarding (also called DNS relay). This feature allows DNS to be used in environments where the IP address of the DNS server is subject to change, for example, because the IP address of the DNS server is assigned through DHCP by an Internet Service Provider (ISP). When DNS forwarding is used, the client router offers its own client-side IP address (which is static) as the DNS server address to the hosts on its network, so that all client DNS requests are made to the client router’s client-side address. When DNS requests are made, the client router forwards them to the ISP DNS server; answers are directed back to the client router and forwarded through to the client hosts. DNS forwarding commands are described in the Vyatta IP Services Reference Guide.
Dynamic DNS. This release introduces support for Dynamic DNS. Dynamic DNS (DDNS) allows network endpoints whose IP addresses are assigned dynamically (for example, through DHCP) to participate in the Domain Name System (DNS). Devices using dynamic DNS can notify a domain name server in real time of changes to host name, IP address, or other DNS-related information. This feature is particularly useful for systems where a dynamic IP address is provided by the Internet Service Provider (ISP). Whenever the IP address changes, the Vyatta system updates a DDNS service provider with the change. The DDNS provider is responsible for propagating this change to other DNS servers. The Vyatta system supports a number of DDNS providers. Commands for configuring DDNS are described in the Vyatta IP Services Reference Guide.
Enhanced VMware support. Starting in this release, Vyatta includes the open-vm-tools library to provide enhanced performance in VMware environments. The appropriate accelerated drivers are automatically loaded on startup, with the exception of the accelerated network driver. To use the accelerated driver, edit your VMware vmx configuration file and set the device type for your Ethernet cards by adding a line similar to the following for each Ethernet device:
ethernet0.virtualdev = "vmxnet"
Add similar lines for ethernet1, ethernet2, etc. To verify that the vmxnet driver has loaded correctly, boot Vyatta and execute the following operational mode command:
show interfaces ethernet eth0 physical
Verify that the “driver” field in the output displays “vmxnet.” Do the same for all other interfaces (eth1, eth2, etc.).
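The vmx file can also be checked before boot. The following is an added example, not part of the Vyatta documentation: it lists every Ethernet device that is marked present in a vmx file but does not have the vmxnet device type. The function names and the sample file are constructed for illustration; it assumes that `ethernetN.present = "TRUE"` marks a device in use and matches keys case-insensitively.

```shell
#!/bin/sh
# Added example: audit a VMware .vmx file for Ethernet devices that are
# present but not set to the "vmxnet" device type.

# vmx_missing_vmxnet FILE
# Prints one device name per line (e.g. ethernet1) for every present
# Ethernet device whose virtualdev value is missing or not "vmxnet".
vmx_missing_vmxnet() {
    awk '
    {
        line = tolower($0)                  # keys and values compared case-insensitively
        gsub(/[ \t\r"]/, "", line)          # drop whitespace, CR and quotes
        if (line !~ /^ethernet[0-9]+\.[a-z]+=/) next
        split(line, kv, "=")
        split(kv[1], parts, ".")
        dev = parts[1]; key = parts[2]; val = kv[2]
        if (key == "present" && val == "true") present[dev] = 1
        if (key == "virtualdev") vdev[dev] = val
    }
    END {
        for (dev in present)
            if (vdev[dev] != "vmxnet") print dev
    }' "$1" | sort
}

# write_sample_vmx FILE
# Writes a constructed sample configuration (not taken from a real system).
write_sample_vmx() {
    cat > "$1" <<'EOF'
displayName = "vyatta-lab"
ethernet0.present = "TRUE"
ethernet0.virtualdev = "vmxnet"
ethernet1.present = "TRUE"
ethernet1.virtualDev = "e1000"
ethernet2.present = "TRUE"
ethernet3.present = "FALSE"
EOF
}

# Demo run on the constructed sample: reports ethernet1 and ethernet2.
sample=$(mktemp)
write_sample_vmx "$sample"
vmx_missing_vmxnet "$sample"
rm -f "$sample"
```

An empty result means every present Ethernet device already has the vmxnet line; the "driver" field check after boot is still the confirmation that the driver actually loaded.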
Support for RFC 2684 (formerly RFC 1483) Bridged Ethernet over ADSL. Previous versions of the Vyatta system supported Classical IP over ATM, PPPoE, and PPPoA. This version adds support for RFC 1483 bridged Ethernet encapsulation over ADSL. Bridged Ethernet support is described in the Vyatta Encapsulation and Tunnels Reference Guide.
Support for Synchronous Serial Cards. The Vyatta system now supports Sangoma A142 two-port and the A144 four-port synchronous serial WAN network interface cards (NICs). The A142 and A144 provide connectivity using the V.35, X.21, RS-422, or EIA530 physical interface standards. Commands for configuring synchronous serial cards are described in the Vyatta WAN Interface Reference Guide.
Serial Loopback Commands. This release includes new commands for serial loopbacks for isolating problems on serial lines. The exact loopbacks available depend on the type of card and the chipset used by the card. The Vyatta system auto-detects the chipset and the CLI command completion mechanism displays all the options, and only the options, supported by the chipset on your card. Serial loopback commands are described in the Vyatta WAN Interface Reference Guide.
RAID-1. This release introduces support for RAID 1 operation. A Redundant Array of Independent Disks (RAID) uses two or more hard disk drives to improve disk speed, store more data, and/or provide fault tolerance. RAID can be implemented using special hardware or it can be implemented in software. The Vyatta system supports a software “RAID 1” deployment on two disks. This deployment allows two disks to mirror one another to provide system fault tolerance. Every sector of one disk is duplicated onto the corresponding sector of every other disk in the array. Provided even one disk in the RAID 1 array is operational, the system continues to run, even through disk replacement (provided that the hardware supports in-service replacement of drives). RAID 1 can be used to reduce or eliminate downtime associated with disk failure without having to resort to flash-based, solid-state storage, which is often lower performance, lower density, and more expensive. RAID 1 is configured during installation. Commands for setting up RAID 1 are described in the Vyatta High Availability Reference Guide.
Experimental Support for Ethernet Link Bonding. Multiple physical Ethernet links can now be bundled to create a larger virtual Ethernet link. Bundling Ethernet links increases performance between two devices without requiring an expensive higher-speed physical link. It also provides redundancy, since the bundle retains connectivity if an individual link fails. Commands for configuring Ethernet link bonding are described in the Vyatta LAN Interface Reference Guide.
Experimental Support for Wireless Modem. This release of the Vyatta system implements experimental support for USB wireless modems (e.g. providing connectivity to 3G networks). Currently, wireless modem support has been tested against a Sierra Wireless USB Connect 881 modem and a UT Starcom (Pantech) 3G modem. Wireless modem support can provide backup connectivity or primary connectivity to remote devices. Commands for wireless modem support are described in the Vyatta WAN Interfaces Reference Guide.
Experimental Support for IPv6. Experimental support for IP version 6 (IPv6) has been added in this release. IPv6 versions of configuration commands have been added for BGP, RIP next generation (RIPng), and static routes. IPv6 versions of operational commands have been added for RIPng, Neighbor Discovery, ping, and showing routes. Support for IPv6 is documented in a special stand-alone chapter, “IPv6.” IPv6 is not yet supported for firewall, VPN, and other high-level services. IPv6 compatibility with these features will be added in following releases.