Release Notes PN 93000408_W1
PortServer TS 8/16 EOS
82000684_W1 EOS
February 19, 2016

INTRODUCTION

This is a production release of the firmware (EOS) for the PortServer TS product family. These devices support TCP/IP, Telnet, Reverse Telnet, SNMP, PPP, SSHv2, Port Buffering, ARP-Ping, ADDP, DPA-Remote, and Digi's patented RealPort software for COM or TTY port redirection.

SUPPORTED PRODUCTS

PortServer TS 8 - 50001208 Revision E and Greater
PortServer TS 16 - 50001207 Revision F and Greater
PortServer TS 16 Rack - 50001185 Revision D and Greater
PortServer TS 16 Rack - 50000854
PortServer TS 16 Rack - 50000722
PortServer TS 8 MEI - 50000777-02
PortServer TS 16 MEI - 50000777-01

BUG FIXES

CVE-2014-3566: Fixed SSL/TLS by eliminating POODLE vulnerability.
Fixed ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION identified when trying to open a secure WebUI connection with latest version of Chrome (45).

ENHANCEMENTS

KNOWN LIMITATIONS

- Device performance may be affected if rpauth is enabled and the shared secret does not match the driver setting.
- Once a device is authenticated using RealPort Authentication it will stay authenticated for the duration of the RealPort session. If you change the rpauth state=disabled, you will need to reboot the device or restart the RealPort service. Simply closing the port does NOT stop the RealPort session.
- Microsoft Internet Explorer 6 Service Pack 1 (SP1) has a known problem where it displays the error message "Internet Explorer Cannot Open" when you use an HTTPS URL to access this Digi product. The following Microsoft article explains the problem:
  http://support.microsoft.com/default.aspx?kbid=812935

POST & FIRMWARE UPDATE

You can update the POST and/or firmware of your terminal server either through the terminal server's web interface or command line interface.

NOTE: When updating the firmware of your terminal server to a new version, please ensure that you are running the most recent POST as well.
If you need to update your POST, it must be done BEFORE the firmware update. Please ensure that you are running POST 82000685_E or higher.

POST update via the web interface
---------------------------------
Log on to the terminal server's web interface. Go to Administration > Update Firmware. In the From a File section, select POST from the Update list. Click Browse... and navigate to the POST file. Click Open, then click Update. When the update process has finished, click Reboot to restart the terminal server.

POST update via the command line interface
------------------------------------------
This option requires a TFTP server. First, copy the POST image to the TFTP server. Then, log on to the terminal server's command line interface and update the POST with the following command:

    boot load-boot=:82000685_.bin

When the update process has finished, restart the terminal server with the following command:

    boot action=reset

Firmware update via the web interface
-------------------------------------
Log on to the terminal server's web interface. Go to Administration > Update Firmware. In the From a File section, select Firmware from the Update list. Click Browse... and navigate to the firmware file. Click Open, then click Update. When the update process has finished, click Reboot to restart the terminal server.

Firmware update via the command line interface
----------------------------------------------
This option requires a TFTP server. First, copy the firmware image to the TFTP server. Then, log on to the terminal server's command line interface and update the firmware with the following command:

    boot load=:

When the update process has finished, restart the terminal server with the following command:

    boot action=reset

HISTORY

2013-11-01: 80000684_W
BUG FIXES
Fixed a security issue that could potentially grant excess permissions to an attacker.

2012-10-08: 8200684_V2
ENHANCEMENTS
Updated the expiration date of the Digi self-signed certificate

2012-02-10: 82000684_V1
BUG FIXES
Fixed an issue where certain newer SSH clients could no longer connect with the Digi SSH server
Fixed an issue where the Digi device would run out of TCP sockets

2011-03-24: 82000684_V
BUG FIXES
Fixed an issue where too much serial receive data was being accumulated before transfer to the network at low baud rates
Fixed an issue where under some conditions an ATDT command to pmodem that normally works fine stops working
Fixed an issue where the DHCP client would not accept a DHCP ACK response to a DHCP request when in re-binding state
Fixed an issue where a modbus poll of 1 bit from AB PLC incorrectly returns 2 bytes of data, it should return 1 byte
Fixed an issue where SNMP traps with timestamps greater than 7FFFFFFF result in malformed traps
Fixed an issue where FF characters were being doubled by pmodem when a connection is established via an "atdt " command from the terminal. Added the atdtraw=on|off option to "set pmodem" CLI command to allow disabling this behavior when atdtraw is set to on.
Fixed an issue where using the web UI to set/change auth settings results in issues with the RealPort portion of auth settings. The changes do not add the RealPort options to the web UI but do set and clear them in a saner manner. The CLI is the only place where RealPort options are fully controllable.
Fixed an issue where the ATC CHANGE IPADDRESS command was not working in PModem

2009-12-23: 82000684_U3
BUG FIXES
- Fixed a PModem panic that happened when certain AT commands were issued
ENHANCEMENTS
- Added Digi Login Success/Failure traps for http and https

2009-03-04: 82000684_U2
BUG FIXES
- Fixed a problem where when accessing the device with IE6 or IE7, the user can get an HTTP 400 error

2007-12-05: 82000684_U1
BUG FIXES
- Fixed a race condition that caused occasional transmits to be lost

2007-11-14: 82000684_U
BUG FIXES
- Reworked premessage logic to ensure the premessage and login prompt are displayed correctly under all conditions
- Fixed a problem where the new base port did not become effective immediately on a "revert config=factory"
- Fixed a problem where the SNMP meiDescription field always said "half-duplex" even when set to full-duplex
- Fixed a problem where the "revert consmenu" command did not revert inband_break
- Removed inter-character timeout (aka idletime) option from TS 8/16 CLI because the hardware, and hence the firmware, does not support the feature
- Fixed a problem where the SNMP charPortName field could not be set via SNMP
ENHANCEMENTS
- Added autodrain option to the "set ports" command. This allows the serial side of an autoconnect connection to drain after receiving a close from the network connection
- Added delaylogprompt option to the "set logins/netlogins" command. This allows a delay between the time when a connection is made and the login prompt is displayed. It is used when modem connect output interferes with the login prompt
- Added Advance Digi Discovery Protocol (ADDP) to the list of services that can be enabled/disabled via the "set secureaccess" command
- For UDP Sockets profile, the UDP Client behavior has changed. Whereas before one was forced to always manually enter a return address, now the behavior is:
  UDP Client: Serial data received is automatically returned to the last UDP client that sent data.
  You can override or lock-down the destination by entering 1 or more IP and port pairs below. All serial data is repeated as UDP unicast to all devices in this list.
- Under UDP Sockets Client, the default idle time delay was reduced to 100msec; it had been 1000msec (1 sec)
- Added the following options to the set secureaccess command in the CLI:
    ssh-keyauth=on|off - Allow authentication using a public key
    ssh-pwdauth=on|off - Allow password authentication
  What these options do is determine which methods of authentication are allowable when negotiating for an SSH connection. When ssh-keyauth is enabled, public key authentication is an allowable method; when ssh-pwdauth is selected, password authentication is valid. The default is for both to be enabled, which will allow a client to select and use either method. It is possible to turn them both off; however, no authentication will then be possible and SSH connections will fail.
- For IA Custom: The ability to define the format and parsing details of a "slave address" has been added. This allows custom protocols to "route", such that a user could define slave #1 as being serial #1, #2-3 on serial 2, #4-10 on serial 3 and so on. This adds 3 new CLI commands only available with protocol=custom:
  addrtype=(off|binle|binbe|bcdbyte|hexasc|decasc|octasc)
    Default is off for no node address information available. Setting enables the parse of a slave or node address with the corresponding pattern match.
    The types or forms are:
    * off = disable address parsing
    * binle = binary; little-endian or little byte first; so 0x3132 ("12") is address 12849
    * binbe = binary; big-endian or big byte first; so 0x3132 ("12") is address 12594
    * bcdbyte = binary; lower 4 bits are decimal 0-9 and upper 4 bits are 00-90; so 0x3132 ("12") is address 3132
    * hexasc = ASCII characters of hexadecimal value; so 0x3132 ("12") is address 18 decimal
    * decasc = ASCII characters of decimal value; so 0x3132 ("12") is address 12 decimal
    * octasc = ASCII characters of octal value; so 0x3132 ("12") is address 10 decimal
  addroffs=(0-255) in bytes offset set from start-of-message
    Default is zero (0) bytes offset. Most protocols place the destination node address in the first few bytes of the message, for example Modbus/RTU starts the slave address at the first (index 0) byte, while DF1 starts the destination address at the third byte (index 2)
  addrlen=(1-4) in bytes (some types allow 8 bytes)
    Default is length of 1 byte. Most protocols handle fairly small 8-bit addresses; however the complete parsed address must fit within a 32-bit unsigned integer. For example Modbus/RTU encodes the slave address as 1 byte of binary (binle or binbe), while Omron Hostlink encodes the slave address as 2 ASCII characters representing a decimal address from 00 to 31.

2007-02-28: 82000684_T1
Bug Fixes
- Fix for a MEI switch setting bug. Was not retaining new TXCONTROL behavior when reconfiguring a half-duplex setting.
Enhancements
- Enable keepalive option for SSH
- Update to 2007 timezones

2007-02-28: 82000684_T
Enhancements:
- Added support for Portserver TS 16 Rack C-RJ
- Updated TS MEI support for a new hardware version which allows independent use of RTS in 422/485 half-duplex mode.

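The addrtype, addroffs and addrlen semantics described under 82000684_U above, worked through as an added Python example; it is not Digi firmware code. The names parse_address, route, ROUTES and AddressError are hypothetical, the Hostlink-style frame is constructed, and two points are assumptions: that the "some types allow 8 bytes" remark refers to the ASCII types, and that a multi-byte bcdbyte field contributes two decimal digits per byte.

```python
# Added example: slave-address extraction for an IA Custom style protocol.
ASCII_DIGITS = {"hexasc": "0123456789abcdefABCDEF",
                "decasc": "0123456789",
                "octasc": "01234567"}
ASCII_BASE = {"hexasc": 16, "decasc": 10, "octasc": 8}
BINARY_TYPES = ("binle", "binbe", "bcdbyte")


class AddressError(ValueError):
    """Raised when a message does not carry a well-formed address."""


def parse_address(msg: bytes, addrtype: str = "off",
                  addroffs: int = 0, addrlen: int = 1):
    """Return the slave address as an int, or None when addrtype is 'off'."""
    if addrtype == "off":
        return None
    if addrtype not in BINARY_TYPES and addrtype not in ASCII_BASE:
        raise AddressError(f"unknown addrtype {addrtype!r}")
    if not 0 <= addroffs <= 255:
        raise AddressError("addroffs must be 0-255")
    # Assumption: only the ASCII types may use up to 8 bytes.
    max_len = 8 if addrtype in ASCII_BASE else 4
    if not 1 <= addrlen <= max_len:
        raise AddressError(f"addrlen must be 1-{max_len} for {addrtype}")
    field = msg[addroffs:addroffs + addrlen]
    if len(field) != addrlen:
        raise AddressError("message too short for address field")

    if addrtype == "binle":
        return int.from_bytes(field, "little")
    if addrtype == "binbe":
        return int.from_bytes(field, "big")
    if addrtype == "bcdbyte":
        value = 0
        for byte in field:
            tens, units = byte >> 4, byte & 0x0F
            if tens > 9 or units > 9:
                raise AddressError(f"byte 0x{byte:02x} is not packed BCD")
            value = value * 100 + tens * 10 + units
        return value
    text = field.decode("latin-1")
    # Check every character: int() alone would accept "+1", " 7" or "1_0".
    if any(ch not in ASCII_DIGITS[addrtype] for ch in text):
        raise AddressError(f"{field!r} is not valid {addrtype}")
    return int(text, ASCII_BASE[addrtype])


def route(address, table):
    """Map an address to a serial port via (low, high, port) ranges."""
    for low, high, port in table:
        if low <= address <= high:
            return port
    return None  # no route: drop rather than guess a destination


# The routing example from the notes: #1 -> serial 1, #2-3 -> 2, #4-10 -> 3.
ROUTES = [(1, 1, 1), (2, 3, 2), (4, 10, 3)]

if __name__ == "__main__":
    for kind in ("binle", "binbe", "bcdbyte", "hexasc", "decasc", "octasc"):
        print(kind, parse_address(b"12", kind, addrlen=2))
    hostlink = b"@07RD0000000157*\r"  # constructed Hostlink-style frame
    addr = parse_address(hostlink, "decasc", addroffs=1, addrlen=2)
    print("unit", addr, "-> serial", route(addr, ROUTES))
```

Rejecting malformed or truncated address fields matters because the parsed value selects the serial port a request is forwarded to.
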
2006-05-17: 82000684_S
Enhancements:
- Added auth filtering for SNMP via the "set snmpauth" command
- Added ability to specify secondary and tertiary DNS servers
- Added new trace feature that:
  o Allows logins/logouts to be traced including login ID and where connected from. It can be enabled with "set trace mask=login:info"
  o Makes syslog, systime, loghost, and mask=login:info persistent over reboots
- Converted multicast behavior to be IGMPv2 per RFC2236. Old behavior was "MBone style" and not compliant to any IGMP RFC. Product no longer claims 224.0.0.2 membership, correctly handles router group queries, and prevents duplicate group reports to queries.
- Added an IA summary to the Industrial Automation web page.
- Changed some IA Wizard defaults - for example "Message Sources" (Masters) now default to network based and not serial based.
- Fixed IA serial driver so reboot is required less often after changes to serial config.
- Removed the option to modify a configuration with the IA Web Wizard - this allowed users to break valid configurations. Now, the entire IA configuration is reset every time the wizard is run.
- Secure RealPort now allows a user password to be set in both the Digi device and the host driver. This enables strong 128-bit AES encryption with protected authentication.
- IA Custom protocol data buffer size is now user settable. Previously was fixed at 530 bytes regardless of protocol requirements. Now can be set from 32 to 8190 bytes.
- A pilot "Report-By-Exception" (or XMIT) handler has been added to the Modbus/RTU serial slave driver. The Digi device pauses between slave polls to receive potential "Master Requests" initiated by the slave. Just as with a serial Master-attached, the Modbus/RTU "slave address" is used with the ia route table to determine remote destination. Behavior is assumed HALF-DUPLEX and exact behavior of the slave device after a collision where both units try to send a request at the same time is unpredictable.
  The Digi device will normally ignore the XMIT request and treat its own request as a timeout. Requirements:
  1) port must be set to "type=slave"
  2) only 1 slave may be present on the serial line (cannot multi-drop)
  3) "fixedaddress" must be set to address of the slave (all other values are assumed to be XMIT transactions)
  4) XMIT requests MUST NOT use the fixed address of the slave
  5) "lineturndelay" must be set to at least 50 milliseconds to provide a window of opportunity for the XMIT function to send a request.
- Updated the time zone tables for 2006. The following time zones are no longer valid: Africa/Timbuktu, America/Argentina/ComodRivadavia, America/Indianapolis, Europe/Belfast, and Pacific/Yap.
- Allowed RealPort keepalive to be set via the Web UI
- Added ssl_client to the commandline
- Added the ability to disable DNS caching
- Changed "show ia" output to follow CPCONF form, which makes all lines less than 80 characters, plus makes it easier to use cut-and-paste to fine-tune complex IA configurations
Bug fixes:
- Fixed a problem where a WebUI HTTPS connection was directed to HTTP after a reboot.
- Worked around an Internet Explorer browser bug (KB Q323308) which prevented the configuration from being backed up using HTTPS.
- Fixed a DHCP problem where leases greater than 50 days would result in constant DHCP requests
- Fixed a problem where on a netcx error, the socket isn't always closed
- Fixed memory leak in IA Custom protocol
- Fixed a problem with IA Wizard route entries being created incorrectly
- Fixed issue with UDP/IP Masters. Modbus/UDP (ie: Modbus/TCP format in UDP/IP) now works. So do serial protocols encapsulated in UDP/IP.
- Fixed issue where active serial Master attached to an unconfigured Digi prevented reloading the config due to serial port being busy.
- Cleaned up CPCONF dump to have lines less than 80 characters
- Fixed the IA Wizard bug where idletimeout defaulted to checked with a value of zero, which caused an error.
  Now defaults to unchecked.
- Fixed issue where outgoing destination (net slave) connections set to passive ("on-demand") would incorrectly attempt to reconnect if the remote end terminated an idle connection before the Digi device did. It now leaves the connection down unless there is more data to send.
- Fixed numerous minor bugs related to display of temporary data during the IA Wizard.
- Fixed a problem where TCP keepalives were not working with RealPort

2006-02-28: 82000684_R3
Enhancements
- Added RADIUS "ignore Filter ID" option

2005-12-12: 82000684_R2
Enhancements
- Added support for pmodem connections to show up in the WebUI's connection list and the commandline's who list.
Bug fixes:
- Fixed a pmodem problem where a dialout connection attempt sometimes would fail because of how the carriage return and line feed that followed a dialout command were being processed.
- Fixed a pmodem problem where AT commands that looked like hexadecimal digits (e.g. atv0x4) were being interpreted incorrectly as such.
- Fixed a pmodem problem with the escape '+++' behavior where a valid escape sequence was going across the data connection.
- Fixed a problem where restoring configuration in some cases caused the device to reboot.

2005-09-16: 82000684_R
Enhancements:
- Added SSL/TLS autoconnect service support.
- Added SNTP support for setting the system clock.
- Extended DHCP to pass the hostname (via option 12) as a hint to DHCP server when requesting IP address.
- Added authentication support to RealPort.
Bug fixes:
- Fixed problem where the device rebooted after 50 days.
- Fixed several PPP authentication problems. In particular a problem was fixed where in some cases CHAP authentication did not work correctly when authenticating in both directions.
- Fixed a PPP problem where receiving particular LCP option message caused the device to reboot.
- Fixed problem where a serial port being idle for about 30 days would stop receiving data for the next 30 days.
- Fixed a problem where the serial port modem lines were not hanging up when they should have been.
- Fixed a problem with the MEI version of the PortServer where serial data would sometimes get corrupted when running in RS485 half duplex mode.
- Fixed a problem with port buffering feature where a NUL byte would truncate buffered data.
- Fixed WEBUI problems related to PPP and Industrial Automation.

2005-03-30: 82000684_L
Enhancements:
- Improvements and options were added to WEB interface for PPP.
- Security feature was added to WEB interface to support filtering of network traffic of network serial services.
- Changed the minimum allowed base socket for serial socket network services to 0.
Bug fixes:
- Fixed a problem found in the K1 release where it was not possible to change the gateway to an address that was on a different subnet than the active IP address when the device was configured for static (non-DHCP) addresses.
- Fixed a problem with PPP CHAP authentication that occurred when a peer would send a CHAP challenge greater than 16 bytes and the incorrect CHAP challenge response was being returned.
- Fixed a problem with auto connect telnet and auto connect rlogin where escape characters would cause the connection to escape to the command line prompt.
- Fixed a problem where it was not possible to disable escape characters for telnet, rlogin, and connect sessions.
- Fixed a problem where additional connect, telnet, or rlogin sessions started from the commandline were not being allowed when there were multiple network connections to the commandline.
- Fixed a problem where our device was failing to properly negotiate RFC2217 options.
- Fixed a problem where rapidly opening and closing serial socket connections was causing a serial port to get stuck.
- Fixed a problem where auto connections configured with raw IP addresses were slow to connect when a bad DNS server was configured.
- Fixed a problem where auto connect was sometimes losing data if large amounts of data were being sent while the network connection was being established.
- Fixed a problem where a raw auto connection was failing to establish a network connection when the data byte 0x03 was being sent during connection establishment.
- Fixed a problem with the auto connect flush character option. This option was causing more than a single byte of data to be flushed. Furthermore the default setting for raw connections and connections when the serial device type was not term was incorrectly flushing data.
- Fixed a problem where an error message was being returned when using the "set user" command to configure an auto connection with a DNS destination address.
- Fixed a problem with the WEB interface where saving some IA settings would return an error when it should have been returning success and warning to reboot.
- Fixed some bugs with IA custom protocol and half-duplex where a master or slave not fully half-duplex could cause problems.
- Fixed problem where the "cpconf" command or backup of settings was not including the port sharing feature.
- Fixed the "splithorizon" feature configurable using the "set forwarding" command. It was doing the opposite of what it should have been doing.

2004-11-19: 82000684_K1
- New 'set secure ssh-keyauth' and 'set secure ssh-pwdauth' options to allow customization of SSH authentication methods
- PPP address space can now lie in the Ethernet interface address range.
- Fixed an autoconnect rlogin problem that prevented the connection from being made
- Multiple RealPort persistent opens now provide better sequencing
- Fixed an issue where PPP idle timeout stopped working properly when connected to a Harris Radio Modem.
- Fixed an IFC hang that occurred when the only data coming in is XON/XOFF
- Fixed reboots while using rlogin

2004-09-05: 82000684_K
- Configurable break sequence (in session) for telnet added
- Allow admin password to be entered via cpconf. Passwords are NOT exported
- Added shared port option to make the first user read/write and subsequent users read-only
- Removed admin requirement to send break from console menu
- The effect of the "Always keep transmitter enabled" and "Automatically control transmitter by data" radio buttons on the Web UI MRI Serial Settings page were swapped
- The kill command did not work correctly for shared ports
- Fixed incorrect display in "show versions"

2004-06-09: 82000684_J1
- Ports 9 through 16 don't support Send Immediate Character
- TS generates a query to the Radius Accounting socket that causes an error in the Radius accounting log
- Fixed "Ping-of-Death" vulnerability

2004-04-22: 82000684_J
- Added support for PortServer TS 8/16 MEI
- Shared ports, allowing multiple concurrent connections to one port, using reverse Telnet, reverse SSH, connect and RealPort
- Expanded the maximum port buffer size to 1MB per port
- Chat mode in Multi-Master feature for console management
- Port logging, passively logs data going into, out of, or both on a serial port
- Fixed a problem with the idle time displayed by "wan" command.
- SSH Break
- Display connections in Web UI with Modem Emulation causes reboot
- No way to manage multiple outlets on multiple controllers in Web UI
- Expose the error log in Web UI
- WebUI generates an error when attempting to set the port "Description" when port profile is set to Realport
- Firmware Release Notes do not call out PortServer TS 16 Rack part number 50000854-01 as a supported product
- Custom Application works in VB, but not in C
- Idle time out and Keep-up filters on inbound PPP sessions not working
- Fixed a problem with idle timeouts not initializing on initial PPP connection.
- Static routes are not reinitialized after a PPP connection is broken and reconnected
- Software Flow control will automatically turn off when an out-bound PPP session Starts
- Idle-time-out and Keep-up filter prevents traffic not defined in the filter from crossing the PPP link
- Idle Time out does not initialize on initial PPP connection
- Incoming PPP connections cannot specify "negotiated" IP addresses through Web UI
- Various PPP memory leaks fixed
- Duplicate menus are displayed when using some Windows telnet clients
- CHAP challenge being sent by PortServer TS is always wrong

2003-04-28: 82000684_G
- New look and feel Web UI
- Modem emulation/modem pooling features
- RFC 1215 Traps
- Power Management Traps
- DHCP Keep-alive
- Serial Idle Timer
- Ability to use any base socket
- ADDP protocol enhancements
- Altip support with SSH
- Allow escape key settings for root to be changed
- Allow "set ports show=id" command to be issued by non-root user
- Added a premessage option to "set logins" and "set netlogins"
- Added modbus and lpd daemon to set services option
- SNMP SET operation on destIp field not working
- Public key user authentication not working with PuTTY SSH Client
- Kermit clients were failing telnet negotiation
- Reverse SSH allows users with outgoing=off to connect to ports
- Admin function works erratically from within a menu
- Cannot use HTTPS to unit when SNMP enabled via "set secureaccess"
- Cannot store "ats0=1" in the user profile
- Random ports higher than port 8 go into IFC
- Loading of firmware image that is too large is not detected
- SSH client F-secure fails when accessing the PortServer TS
- Using radius for autoconnect fails
- Firmware will cause driver to send out "improper response" messages
- DCD/DTR flow control not functional