26. Changelog

26.1. VT AIR 24.10

1. DHCP Relay:

   The DHCP Relay can now be used alongside the DHCP Server on the Firewall. Only one of each can run on a single interface.

2. DNS Firewall:

   The DNS Firewall was reworked and offers different categories now.

3. HAProxy Frontend:

   You can now connect Frontends, the main Frontend will carry all major settings. This makes it easier to distinguish frontend configurations, that can be grouped.

4. Webfilter Active Directory:

   Support for binding the Webfilter to Active Directory for authentication and group checks.

5. Firewall Rule Last Used:

   Firewall rules will show a last used counter and information about the states and traffic. It allows to see which rules are used how much.

6. Other Changes:

   • LDAPs fixes

   • HAProxy improvements for custom error pages

   • Notification if the hard disk space runs low

   • Kea DHCP Server support for relay agents

26.2. VT AIR 24.07

1. DDoS Whitelist:

   DDoS has an accept parameter now to whitelist ips from blocking

2. Config Check:

   Services like the Webfilter will run a config check now before applying new settings

3. Webfilter:

   The number of used CPUs can be configured. The blocklists have been reworked and have their own tab now. They can be enabled per category. Custom Configs for Pre ACL and Post ACL

4. LLDP:

   LLDP neighbors can now be seen in the GUI if the LLDP service is active

5. Other Changes:

   • Bond Diagnostics

   • HAProxy improvements for custom error pages

   • DNS Diagnostics has a field to resolve IPs

   • Captive Portal Diagnostics Show User if any

   • Unbound DNS Safesearch

   • DHCP HA Mode can be configured

   • SNMP for Cellular modems

   • Letsencrypt custom ACME server support

   • STP configure Port priority

   • Intrusion Protection for Layer 2 Bridges

   • Add CSP header for security

26.3. VT AIR 24.04

1. Interface Groups:

   Allow interfaces to be grouped. At the moment the group can only be used in NAT rules.

2. Active/Active Firewall Cluster:

   In the VRRP IP options a new field sets the default destination for an VRRP IP. This allows for an Active/Active Firewall Cluster where each firewall can have active VRRP IPs. The clients in the network need to have different Gateways to either use Firewall 1 or Firewall 2. In case of a failover one Firewall will hold all IPs.

3. Gateway Check in the routing daemon:

   The Gateway Check is now moved to the dedicated vtair-routing daemon for faster and more reliable Gateway failovers.

4. HAProxy Custom Error Page:

   Error pages are now configurable and can be used in combination with ACLs and Actions to customize when a page is show.

5. WebVPN 2FA Support:

   A new option allows to use the VT AIR 2FA in the User settings for the WebVPN.

6. Other Changes:

   • Kernel Update to 6.6 LTS

   • SNMP add write for VT AIR OIDs

   • Fix IPSec interface check when multiple phase1 share one interface

   • WLAN Client option for SSID and Password

   • Fix logserver changes are not applied

   • HASync also sync the Captive Portal Database

   • HAProxy make Actions sortable

   • HAProxy option to have one backend per host name

   • HAProxy fix ACL IPs with a large amount of entries

   • IPSec logfile from diagnostics page

   • OpenVPN logfile from diagnostics page

   • OpenVPN Copy ask for new Name

   • Field for Kernel boot options

   • HAProxy move to nbthreads instead of processes

   • WebVPN RDP new option for default keyboard layout

   • HAProxy add client certificate option Optional or Required

   • HAProxy health check for LDAP

   • Dynamic Routing Diagnostics show internal routing database

   • IPSec Phase 1 new IPComp option

   • Aliase Entries introduce paging for large amount of entries

26.4. VT AIR 24.01

1. LTE450:

   Support for the new LTE450 network

2. Password Change:

   At first login a password must be set for the admin user before the GUI is available. This is a major change to the previous default password and is required to comply with new security regulations.

3. SNMP:

   New custom SNMP endpoints to read the data of Wireguard, IPSec, OpenVPN Server and OpenVPN Client

4. New Database Backend Connector:

   The database connector in VT AIR was rewritten to provide better stability and circumvent situations when the database is busy.

5. Firewall Sets:

   The firewall backend uses more Sets now which speed up the firewall rule load time especially for large setups and geoips.

6. States Sync:

   Option to write synced states directly into the state table instead of using the external cache. This allows for faster failover but higher costs during sync.

7. Other Changes:

   • Fix a race condition where the cache could be filled with old data

   • User Download own Wireguard Profile

   • Dashboard Firewall, IDS, WAF Alert when Logger is disabled

   • Network Object import lists with Mac Addresses

   • Work queue has more details now in diagnostics

   • WebVPN add User, Password and Domain field

   • Fix for Captive Portal HASync of Files

   • Firewall uses the new ipsec Identifier

   • A Security Patch Repository is added when the update licence expires

   • Fix DHCP Pool lease lifetime option

   • Fix bond in bridge change not triggering a change

   • Fix Captive Portal interface change not triggering a change

   • Firewall setting for default policy

   • Captive Portal Diagnostics show traffic data

   • Intrusion Detection Report Excel Table Report

   • Certificates list view show extra information like DNS

   • Fix Interface Stats Diagnostics data not showing correct date

   • DNS fix no restart after interface change

   • WAF various fixes for excluding rules, parsing ajax requests and setting default data

26.5. VT AIR 23.10

1. WAF Engine:

   The Web Application Firewall engine is changed to Coraza. Modsecurity is end of life soon and we transition over to the new engine. It also allows more efficient integration into HAProxy with the spoa interface. Alow with this change, a custom error html page can be set on each HAProxy backend.

2. Routing Backend

   The static routing backend is outsourced to a new daemon vtair-routing. All static and mpls routes are now handled by this need routing daemon which is far more efficient than our previous implementation.

3. Rename LTE

   All GUI entries that had LTE in it are now renamed to Cellular. Since we support 5G now we decided to go with a more generic name.

4. Zero Tier One

   Support for multiple Zero Tier One connections

5. Password Change

   If a user wants to change the own password, the old password will be required as well now.

6. Password Strenght Indicator

   For all passwords, we added a strength indicator to see how good the password is

7. Login Attempts

   Are now logged and shown in the Diagnostics under GUI Logins. All attempts are logged, regardless of success.

8. Running Services

   Will show their corresponding ports in the diagnostics service page.

9. Connected Devices

   All open connections to the VT AIR itself can be seen in the Diagnostics under Firewall - Host Connections

10. User OpenVPN Profile Download

    Users can now download their own OpenVPN Profile in the Profile section when logged into the WebGUI

11. IPSec Phase 1 Fallback

    Another Phase 1 can be picked as a backup tunnel to start in case of the original Phase 1 being down. A Ping check needs to be configured along with the Fallback tunnel to check if the remote endpoint is available.

12. IPSec Interface for multiple Phase 1

    If the networks in the Phase 2 do not overlap, an IPSec Interface can now be used by multiple Phase 1. This makes the management of firewall rules and routes easier as the interface will carry all the different traffic.

13. Other Changes:

    • Webserver IP can now be picked by interface IPs and Virtual IPs

    • Cache gateway status up/down in the backend for faster processing

    • Letsencrypt can now be used with HAProxy in Webserver mode

    • The backup restore progress has more details in the GUI now and shows information until the end

    • Diagnostics Firewallrule Output is now streamed from the Webserver. On large setups the page blocked the entire webserver.

    • WPA Supplicant uses the default wpa_supplicant-wired service name now instead of a custom one

    • More choices for the ICMPv6 types in firewall rules

    • Diagnostics DHCP the apply change banner is now sticky at the top of the screen when scrolling for better visibility

    • Improvements and speedups when using DHCP Interfaces during startup

    • Improvements in detecting when interfaces go up and down

    • Fix for VRRP status was sometimes not shown correctly

    • OpenVPN show interface name in the settings of the tunnel

    • Firewallrule deletion show warning that open states are unaffected

    • IPSec Diagnostics has a new overview list page of all connections

    • HAProxy TCP mode allow certificates and client certificate authentication

    • HAProxy added a new a global custom config section

    • Fix the use of CRLs with HAProxy

    • Fix the AND / OR logic in HAProxy

    • Fix radvd needs IPv6 DNS server and does not start with IPv4 (RFC8106)

    • Fix webproxy spelling error for splice

    • Interface IPv6 track config can now utilize the ID to fix a subnet to an interface

    • Fix DNAT IPv6 was missing the [] to seperate the port

    • Fix Webproxy transparent proxy did not prperly work with IPv6 since the localhost address can not be used for sending (RFC4291)

    • ACME DNS Handle has a description field now

    • Fix Network Objects dynamic entries need to be validated one by one

    • Fix loganalyzer can not save certain json data

    • DHCP Server allow pools with a single IP

    • DHCP Server expose the reclaim parameter

    • Unifi App Image will have a volume created automatically on creation

    • Fix VRRP Master/Backup status setting under load

26.6. VT AIR 23.07

1. XDP DDoS Protection:

   DDoS Firewall Rules are now loaded into XDP which allows for much faster drop rates and protection. A generic XDP programm is now loaded on non native XDP Interfaces if XDP is enabled for the DDoS protection. Intrusion Protection can now also mark flows/states for dropping in XDP when a drop rule hits, allowing for a much faster drop rate of bad traffic.

2. DDoS more options:

   DDoS options are now more fine grained. It is possible to either count dropped traffic (default) or all traffic against the DDoS rate limit. Additional options are always available for SYN and ICMP packets to cover specialized DDoS attack cases.

3. LTE Support second SIM Card:

   LTE modems with a second SIM card can be configured in the GUI now with automatic SIM card switching. This allows to utilize both SIM card slots and if a Gateway of one connection goes down, the Gateway check can trigger a SIM card change. Only one SIM card can be activate at a given time. There is also a GUI option in the diagnostics section of LTE to manually change the SIM card slot.

4. Firewall Option to Disable XDP for a flow:

   If XDP is enabled you can now exclude flows through a firewall rule options. It is useful for QoS or Diagnostics.

5. IPSec Hardware Offload Setting:

   In case of a Mellanox NIC that supports IPSec offload you can enable the setting in the GUI

6. Faster Gateway configuration at boot:

   The default Gateway will be added faster now on boot if possible. This will work for static Gateways and DHCP Gateways.

7. Option to show Hostname in header:

   Show the hostname of the VT AIR in the header and in the login screen. This way you can more easily identify which VT AIR you are on

8. VRF Support:

   Virtual routing and forwarding allows for better seperation of network interfaces and routes. One can now group interfaces by VRF and VRF also allows the creation of a Layer 3 VPN (L3VPN) in combination with our dynamic routing options. VRF can be added in the Interface configuration and added to each assigned Interface in the advanced options.

9. SNMP Conntrack States:

   Export the number of used conntrack states to SNMP

10. HAProxy more Options:

    The configuration of SSL and Cipher Parameter is now possible in the GUI.

11. Firewall Detect Possible Duplicate Rules:

    Each Interface Firewall and Global Firewall Rule has a new option in the GUI to show possible duplicate rules. VT AIR checks the 6 tupple (Source IP, Destination IP, Source Port, Destination Port, Protocol, Interface) to check if there is another rule that might cover the same rule. We do not check any extra options though so a manual check has to be performed. The design requires the firewall service to run first and fill up the data for the check. The same goes for changes of firewall rules which need to be applied first before the new data set is available.

12. Firewall Optimizations:

    We use Sets now for Network Objects and especially Geo IPs, this is a config generation change only. The change allows us to only load used Objects which will speed up firewall rule loading by a lot especically for setups utilizing the Geo IP data. There are no changes to the GUI and it is backend change only.

13. Other GUI Changes:

    • Rename XDP Offloader to XDP

    • Update to the Copyright list of used packages
      
      

14. Other Changes:

    • API Schema file is now only rewritten on a version change to make the GUI start faster

    • Cleanup of old logrotate files in the config directory

    • Fix for addons not available across worker processes

    • Fix for Letsencrypt DNS Handles not beeing HASynced to the secondary firewall

    • Fix for Interface and VirtualIP can have the same IP Address on the same interface

    • Fix for LTE Interface has no Link Local IPv6 address in some cases

    • Fix for Wired WPA Supplicant not having a fake SSID

    • Fix for Bridge interface members and DHCP Server not beeing in the correct state when the GUI starts. They are now reloaded upon the GUI start so we can control interface changes correctly

    • HAProxy delete certificates that are not in use by any Frontend anymore

    • HAProxy duplicate backend do not also duplicate the ACL and Verdict rules in the Frontend

    • Bootup load firewall rules faster

    • WLAN and WWAN interfaces create a stable naming of wwanX and wlanX

    • SNMP fix bridge OID values

    • Support for 5G modems

    • Fix Gateway Monitoring not always recording data for diagnostics

    • Logcleanup can now shrink /var/log to the configured RAM Disk size if RAM disk is enabled

    • Fix QoS Tab is created for non eligible interfaces

26.7. VT AIR 23.04

1. eXpress Data Path flow offloader (XDP)

2. SNMP allow for multiple Trap Server

3. SNMP custom traps

4. Services can have non existing Virtual IPs on standby

5. LTE Dual Stack fixes

26.8. VT AIR 23.01

1. DNS Firewall extend lists

2. Webfilter extend lists

3. DHCP Static Entry as Firewall Object

4. IPSec allow start and trap at the same time

5. Captive Portal Voucher

6. Captive Portal Redirect to another VT AIR

7. Docker Backup Script

8. Webfilter more options in the GUI for Man in the Middle and redirect, as well as logging

9. Webfilter add LDAP Support

10. Change Diagnostic Data to influxdb

26.9. VT AIR 22.10

1. Firewall Rule TCPDump

2. Firewall Rule Trace

3. Interface HASync

4. Add Multiple Options for DNS, DHCP, VirtualIP

5. Config Default Templates

6. Syslog TLS Option

7. Routing Backend Refactoring for faster speed

8. Gateway changes custom scripts

9. Firewall better custom rule GUI

10. GUI Updates and Factory Defaults output improvements

11. Certificate P12 also import CA

12. Network Object Entries reordering

13. Allow to select default firewall rule tab

14. Firewall temp rules with expiration date

15. New radius backend library

26.10. VT AIR 22.07

1. IPv6 Network Prefix Translation

2. Windows AD Client for Identity Awareness

3. PC Client for Identity Awareness

4. Service Speed Improvements

5. Rename Alias to Network Objects

6. Select fields are now searchable in the Webgui

7. Firewall fields for IPs and Ports are changed to real time search fields

8. Firewall Rule support raw syntax

9. DNS Diagnostics

10. Diagnostics IP Addresses country flags

11. IPSec Identifier simplification

12. OpenVPN Diagnostics show encryption for each connected client

13. DHCP Server TFTP iPXE Support

14. QinQ choose VLAN Type

15. Intrusion Detection Option to exclude internal traffic

16. DynDNS Cron option for time based checks

17. Letsencrypt renew support custom script

18. Interface create option for default firewall rules

26.11. VT AIR 22.04

1. Kernel Update to 5.15

2. Move Firewall Rules between Global and Interface

3. AWS Alias list

4. Allow all Interfaces to be disabled

5. Firewall Rule show order

6. DNS Domain allow exact match and all subdomains

7. Webfilter Virus Scan whitelist domains

8. DHCP Static IP lease checks

9. Improve States Diagnostics

10. QoS use only base interfaces

11. HASync optimizations

12. Firewall Rule delete button in edit screen

13. XLXS Export for firewall settings

14. Read Only Group

15. Zerotier Addon

26.12. VT AIR 22.01

1. Systat Sum interfaces

2. WAF Dashboard

3. BGP Passive Neighbor

4. HASync Onboarding

5. HA Sync Sign and Warning Secondary

6. GeoIP Continents

7. OpenVPN Custom Overrides

8. Firewall Rule Divider

9. CSR Sign with CA

10. OpenVPN Remove Peer to Peer

11. Disk Mail Root Notifications

12. VRRP needs a static or dhcp IP

13. Auto Update change

14. Logfile Cleaner

15. HAProxy ssl

16. DNS Domain Overrides allow multiple

17. VRRP Fail on disk error

18. DNS Domain Firewall Rules

19. AWS and Azure

20. Webserver disable TLS 1.0 and TLS 1.1 and DHE Algorithm

21. OpenSSH disable DHE Algorithm

26.13. VT AIR 21.10

1. Update to Debian 11

2. Intrusion Detection Events Dashboard

3. Firewall Events Dashboard

4. Dynamic Routing Custom Config Options

5. Intrusion Detection Email Reports

6. Dynamic Routing BPD Support

7. Dynamic Routing IS-IS Support

8. CSR Import

9. Wireguard Fast Peer Creation

10. High Availability Unicast Option (VRRP and States Sync)

11. Restructuring of the Diagnostics Menu

12. IPSec EAP Radius Support

13. LTE Diagnostics enhancements

14. Support for page size on list views like Firewall

15. Route Diagnostics shows Protocol Name

16. VRRP Fix for IPv4 and IPv6 Support

17. Authenticator 802.1X enhancements and diagnostics

18. OpenVPN Shared Key Config fixes

19. IPSec fix for AES-GCM in Phase 1

20. OpenVPN Restart on Gateway change

26.14. VT AIR 21.07

1. DDoS Firewall Early Drop

2. Suricata DDoS Firewall Blocking

3. Suricata Update Rules or Groups

4. Gateway Check History

5. Web Application Firewall

6. HAProxy Proxy Option

7. Wireguard VRRP Master Option

8. Firewall Rules Delete All

9. Intrusion Protection VT AIR Pro Rules Support

10. Gateway Force Down Option

11. Letsencrypt DNS Authentication

26.15. VT AIR 2.2.9

1. State Counter

2. GRO Fix

3. Netflow Export

4. App Container Environment Variables

5. MPLS LDP

6. OpenVPN GUI Improvements

7. CPU Profiles

8. Fixes

26.16. VT AIR 2.2.8

1. Captive Portal User Authentication

2. VirtualIP Alias can have a Netmask

3. Intrusion Detection option Drop First

4. DHCP Options NTP Fix

5. OpenVPN User Authentication Diagnostics Fix

6. Captive Portal is part of the base Installation

7. Intrusion Detection Diagnostics add a protocol dropdown

8. IP reverse DNS for Firewall and Intrusion Detection Diagnostics

9. App Definition Copy

10. Identity Management

11. User based Firewall Rules

12. VirtualIP Carp setting for start mode (Master/Backup)

13. IPSec fixes and options for close/open/dpd

14. SDWAN support (Preview)

15. Linux Kernel 5.10 (LTS)

26.17. VT AIR 2.2.7

1. App Control (Application Firewall Rules)

2. Security Dashboard

3. VXLAN Support

4. WebVPN Groups Support

5. Webfilter SSL Man in the Middle Support

6. Webfilter Auto Detect PAC File

7. Sudo Support

8. IPSec Ping Check

9. OpenVPN Copy Option

10. Webfilter is part of the base Installation

11. Intrusion Detection show predefined rules

12. Wireguard Copy Option

13. Route remove if Gateway is down

26.18. VT AIR 2.2.6

1. New WebVPN Addon

2. Intrusion Detection is part of the base system

3. Intrusion Detection Speedups

4. SNAT output interfaces

5. Firewall rules trace

6. Google IPs as Alias

7. Notification Messages for Interface, Gateway, Virtual IP change

8. Web Filter (Squid) Fixes

9. Wireguard Config Import

10. Wireguard MTU option

11. Wireguard Routing Table option

12. Web Filter change blacklist

13. Audit Log Export

14. MPLS Support

15. Multipath Routes Support

16. Docker Fixes and Show Ports in the GUI

17. Users and Groups are moved to their own Menu item

18. GUI Login requires System Admin (Admin) or System User (User) group membership

26.19. VT AIR 2.2.5

1. LTE fix SIM PIN leading zero is removed

2. Captiveportal fixes for OSX/iPhone

3. Apply Change now checks for in progress on the Webgui

4. Firewall Rule Routing Table Back Direction

5. Dashboard Traffic Widget can be added multiple times

6. IPSec Allow All/Any as Interface

7. Captive Portal Timeout for clients

8. Alias/CP Hostnames are now resolved more accurately

9. HAProxy Backend Sticky Table

10. Wireguard DNS Server

11. Wireguard Multiple IP Addresses

12. Wireguard Peer Export

13. Wirguard QRCode for config exports

14. PPPoE Interface Master Only

15. SHDSL Mode und PAM

16. Default Certificate can be removed

17. Dashboard Columns can be set

18. Firewall Diagnostics show current ruleset

19. CPU Mitigation can be enabled/disabled

20. SNMP Temperature export

26.20. VT AIR 2.2.4

1. Squid ClamAV Virus Scanner

2. Squid Shallala Blacklist

3. IPSec Diagnostics shows Encryption Paramter

4. LTE Roaming Option

5. Diagnostics have auto reload enabled

6. IPSec Support additional Algorithms (AES-CCM, ChaCha20)

7. GRETAP Support (Layer 2)

8. PCrypt for parallel encryption speedup

9. LDAP Automatic User Sync

10. Auto Update Report Emails

11. DynDNS Strato Support

12. 802.1X Authenticator Addon

13. Firewall Custom Rules in GUI

14. WireGuard VPN Support

26.21. VT AIR 2.2.3

1. Escape Virtual IP Password

2. LTE Templates for Providers

3. Update Pages shows individual updates

4. Traffic Widget option for PPS

5. Backup Name includes hostname and time

6. State Deletion of Offloaded Connections

7. Rate Limit SSH to VT AIR

8. IPSec Secondary Authentication

9. IPSec Client Connection Support

10. IPSec Support for EAP-TLS, EAP-MD5, EAP-MSChapv2

11. Squid Proxy Addon

12. Auditlogs for SHDSL, VDSL, LTE, Apps

13. LTE Autoconnect and Refresh Fixes

14. Captive Portal Updates

15. IPSec Fix Problems with Certificate Authentication

16. DHCP Client Leasetime Field Added

17. Certificate only requires CNAME

18. GRE Keepalive Support

19. SNMP Fixed Interface MIBs for VT AIR Models internal interfaces

20. Fixes

26.22. VT AIR 2.2.2

1. Fixes

2. Firewall Time Support

3. VDSL Diagnostics

4. ARP Table Settings

5. QoS Bridge

6. LTE Diagnostics

7. Certificate Creation on User Page

8. Two Factor Authentication GUI + OpenVPN

9. Captive Portal

26.23. VT AIR 2.2.1

1. Fixes

2. VDSL Settings and Diagnostics

3. Update Email Schedule for Updates

4. Portal Backup of config

5. NAT and Firewall Search

6. Copyright in GUI for all packages

7. GRE over IPSec fixes

8. GRE responder for keepalive IPv4

9. QoS Flow offload fixes

26.24. VT AIR 2.2.0

1. Fixes

2. LDAP Sync User Groups

3. NAT Reflection Netmask

4. OpenVPN Gateways can be selected

5. QoS Flowtable fix

6. Session Timeout can be configured

7. Login IPs can be whitelisted

8. Diagnostics for NTP

9. DynDNS Home Support

26.25. VT AIR 2.1.3

1. Fixes

2. Geo IPs

3. Office365 Firewall Rules

4. DNS Blacklists

26.26. VT AIR 2.1.2

1. Fixes

2. Bond ARP Check

3. SNAT Routing Table

26.27. VT AIR 2.1.1

1. Portal Connection Management

2. Bond in Bridge

3. Bond xmit policy

4. Gateway Groups Diagnostics

5. DNAT Routing Table

26.28. VT AIR 2.1.0

1. Bridge Layer2 Firewall Rules

2. Flowtable Implementation

3. Remote Access Daemon

4. Bugfixes

26.29. VT AIR 2.0.0

1. Config Mode

2. Suricata for IDS/IPS

3. UPNP IPv6 Support

4. Software Raid Support and Diagnostics

5. Syslogs for more Services

6. Auto RAID 1 Installation

7. App Armor

26.30. VT AIR 1.6.0

1. Email Alerts for Updates

2. Strongswan Swanctrl

3. Allow for IPSec Interfaces

4. Backup/Restore fix

5. P12 Certificate Import

6. WPA Supplicant for wired Interfaces

7. IPSec multiple source IPs

8. UPNPNat working

9. Letsencrypt Support

10. Firewall Helper

26.31. VT AIR 1.5.0

1. Addon Apcups

2. Addon Ntopng

3. DHCP Mac Deny

4. TCPDump file download

5. RRD Graphs

6. SMART Status Hard Drives

7. Systemctl for Firewall

8. OpenVPN Server Authentication Server

26.32. VT AIR 1.4.0

1. User Authentication Radius

2. User Authentication LDAP

3. Addon Avahi

4. Addon IGMPProxy

5. High Availability Config Sync

6. High Availability VRRP

7. High Availibilty Firewall States Sync

8. Service changes for HA

9. LAGG set active port

10. SHDSL Option to disable modem

11. Wake on LAN

26.33. VT AIR 1.3.0

1. Fix Users ssh key

2. Limiter Support

3. Fix Reset to factory defaults

4. Ability to change settings after restore before reload

5. Addon Structure

6. HAProxy Addon

7. Hostname Support for Firewall and IPSec

8. HWInterface Support

9. Webgui File Manager

10. VRRP Select Track Interfaces

11. SFP and Bridge Diagnostics

12. OpenVPN Importer

26.34. VT AIR 1.2.0

1. QoS

2. Flowtables for fast forwarding

3. Track Interface

4. DHCPv6 Prefix Delegation

5. Bugfixes

6. DNS over TLS

7. Dynamic DNS

8. Fix firewall rule logging

26.35. VT AIR 1.1.0

1. Fix IP detection problem in Axes behind reverse proxy

2. Add Routing Tables and the ability to assign them via Firewall Rules

3. Add Gateway Fallback and Loadbalancing

4. Handle all Gateways in code now

5. QinQ Interface Support

6. Allow VTI in Bonds

7. Fix backup to exclude certain data

8. MLPPP Support

9. Gateway Monitoring fixes

10. OpenVPN fixes

11. OpenVPN enable certificate + user authentication

12. GUI fixes

26.36. VT AIR 1.0.1

1. fix consumer mixin bug

26.37. VT AIR 1.0.0

1. Inital Release