Release Notes PN 93000694_D2 Connect WAN 82001660_D2 EOS February 12, 2010 INTRODUCTION This is a production release of firmware for Digi's Connect WAN product line. The Connect WAN family, part of the Digi Remote Site Management line of products, provides an alternative to traditional wired TCP/IP Wide Area Networks (WANs), utilizing global wireless Cellular technology to create primary and backup network connectivity. They offer an easy and cost-effective means of connecting virtually any remote location or device into the corporate IP network. SUPPORTED PRODUCTS Connect WAN 1X Connect WAN Edge Connect WAN GPRS Connect WAN GSM-R SUPPORTED CELLULAR MODEMS Within the cellular product family, Digi has continued to add support for cellular modules as vendors make updates and improvements to support the latest chipsets and cellular technology. As new modules come on the market and older ones go obsolete, Digi is committed to supporting the products we have sold and continue to sell to our customers. The level of support that we are able to provide falls into one of the following categories: 1) Full Support These modules are shipping in Digi products. An essential part of our product testing is to make sure these modules are compatible and function properly. Operational and performance issues with these modules that are found by customers will be verified, scoped and scheduled to be fixed in an upcoming firmware release. Siemens/Cinterion: MC75 REL 4, REVISION 04.001 TC63 REL 3, REVISION 03.001 Kyocera: M200, S/W VER: LF1.2.11 LF1211 PRL: 10028 2) Partial Support These modules had shipped in Digi products in the past but are no longer actively supported by the module vendor. Firmware testing no longer includes these modules, however every attempt is made to maintain support as features and improvements are implemented. Issues with these modules that are found by customers will be verified, scoped and either scheduled to be fixed or a newer, supported module offered as an upgrade option. Siemens/Cinterion: MC75 REL 2, MC75 REL 3, TC63 REL 2 3) Limited Support These modules have never shipped in Digi products and have never been part of firmware testing and verification efforts. These modules may be similar to full/partially supported modules by the same vendor and may even have been informally tested and shown to work in Digi products. Operational and performance issues with these modules that are found by customers will be evaluated and scoped to be fixed on a business case basis. Siemens/Cinterion: MC55, MC56 4) Not Supported These modules have never shipped in Digi products and are known to be incompatible. Siemens/Cinterion: TC65 ENHANCEMENTS Eliminate excessive event logging for SMS activity. A two-level logging capability is now implemented this such that the original detailed event logging is still available, but the customer must enable it via the settings (CLI, web UI, RCI). By default the event logged SMS activity is now leaner than it was previously. (32265) Improve the Mobile Configuration Advanced Settings web page and the associated web help. The new text states that the mobile connection must be restarted (or the device rebooted) for the settings changes to take effect. The help information was updated with a more detailed discussion of issues for manual carrier selection. (25271) Improve iDigi (Connectware) client's connection backoff/retry logic in the case of failure to connect to the iDigi server. If SNTP Server use is configured as a time source in the Date and Time Settings, with a domain name specified for the time server, the time query could fail if the Access Control List (ACL) feature is enabled. The SNTP client has been modified to temporary configure an ACL entry to permit the time server access, then remove the temporary ACL entry on either success or failure of the time server query. This avoids the need to explicitly configure the time server's IP address in the ACL. A possible stale name resolution condition also was eliminated. BUG FIXES Modify SSH to prevent an initial false SNMP login failure trap when the SSH client connects with the "none" authentication method. (1278304). Fix issues in the SSH service implementation: - Eliminate possible memory leaks when loading DSA/RSA keys. - Fix a failure to disconnect and report the reason to the client when the maximum number of authentication failures is reached. Allow auto-IP addresses (169.254.0.0/16) to be used in IP packets and translated/forwarded by the NAT feature. This had been rejected by the network stack in previous firmware releases. With the Digi device operating in IP Pass-through mode, when working with a pass-through host whose IP settings are statically configured, communication from the mobile network to the pass-through host could be temporarily lost. The loss of communication could occur in as little as four minutes after a successful communication (although usually longer). The outage could continue until the pass-through host sends packets to the Digi device, to be forwarded to the mobile connection. The problem has been corrected. (30936) Fix a bug in the DHCP client that accumulates small network buffers on the DHCP client's internal information structure. This occurred for options received from a DHCP server that are unrecognized by the DHCP client. These buffers are now freed to avoid gradual memory depletion. Fix an issue where the Send Character Immediate IOCTL was not getting a response, causing a RealPort hang. (32061) Eliminate some unneeded information from the configuration backup file. (32511, 32512) Fix a bug that prevented use of the 7-bit, no parity selection on the external serial port. (30090, 1284975) Flush the DNS resolver cache when the DNS server list changes (servers are removed). This avoids a possible stale DNS resolver cache issue. Disallow an attempt to set the IP address for a network interface and the interface-specific gateway to the same value, which causes problems for routing in the network stack. 0.0.0.0 is substituted for the gateway so IP routing is not adversely affected. KNOWN ISSUES Although multiple SNTP Server entries may be configured as time sources in the Date and Time Settings, only the first one in the list is used. DOCUMENTATION ERRATA None. ADDITIONAL INFORMATION It is recommended that you perform a backup of your device's settings prior to upgrading your firmware. If you should need to revert back to a previous version of firmware, this will ensure that you will be able to restore your device to its previous settings in the event that some settings are not restored properly after downgrading the firmware. To backup your device settings, follow this simple procedure: 1) Open the web user interface and navigate to the "Administration" section and select "Backup/Restore". 2) Click the "Backup" button and select the location to where you want to save your backup file. To restore: 1) Navigate to the same section within the web UI. 2) Click the "Browse" button to select the backup file you saved in the previous steps. 3) Click the "Restore" button to upload the configuration settings contained in your backup file. On initial boot of this device, it will generate some encryption key material: an RSA key for SSL/TLS operations, and a DSA key for SSH operations. This process can take as long as 40 minutes to complete. Until the corresponding key is generated, the device will be unable to initiate or accept that type of encrypted connection. It will also report itself as 100% busy but, since key generation takes place at a low priority, the device will still function normally. On subsequent reboots, the device will use its existing keys and will not need to generate another unless a reset to factory defaults is done, which will cause a new key to be generated on the next reboot. HISTORY 82001660_D2 (2.9.0.11) - February 12, 2010 See ENHANCEMENTS and BUG FIXES information above. 82001660_D1 (2.9.0.7) - October 30, 2009 ENHANCEMENTS: Add support for Short Message Service (SMS) capabilities for GSM cellular modems. This feature is available for all GSM cellular modems identified in the "Full Support" list under SUPPORTED CELLULAR MODEMS above. SMS may be used for remote command of the device, alarms, event monitoring and Python application interaction (send and receive). Python support is provided via the new Python module "digisms". The use of passwords and a sender control list (to filter messages that are received from unknown senders) provide user-configurable security for this new feature. Add "Paged Connection" support to the Remote Management settings. This may be used in conjunction with the SMS feature. Add SNTP Client as a time source for time source management. This new feature adds SNTP client as a source for time management. It allows the device to synchronize its clock with NTP/SNTP servers. Configuration for this feature is available through RCI, the web UI and the command line "set clocksource" command. Add an "offset" from UTC to time source management. This new feature adds the ability to modify Coordinated Universal Time (UTC) by increments that correspond with time zones. Configuration for this feature is available through RCI, the web UI and the command line "set time" command. Add logging for time events such as changes to offset or time "jumps". Add SSL connection support and simple password authentication for device connections to the iDigi Server (Connectware Manager Server). Add support for RealPort authentication. Add numerous commands to "display techsupport" for improved reporting. (31539, 31689) Reduce the amount of alarm data sent at the start of a connection to an iDigi Server (Connectware Manager Server) by sending only the active alarms. This improvement is coupled with a server change to not request the current state of all alarms. Add support to flush the ARP table and DNS resolver cache on demand. Enhance "display dnsserver" to display resolver cache entries. Automatically flush the DNS resolver cache when the DNS server list changes, removing possibly stale cache entries. Add the ability to set the SIM PIN for GSM modems to the command line interface: set mobile sim_pin=. Add units to ambiguous measures on the GPS position web page. (29856) Allow fully qualified domain names (FQDN) instead of only IP address for a number of features. These features are: AutoConnect, UDP Serial, SNMP trap destinations, and the alarms e-mail server. For UDP Serial, a lookup of the FQDN (typically in the DNS resolver's cache) is done for each packet sent, with a full name resolution occurring only when the cached entry's time-to-live expires (or the cache is flushed). This supports dynamic destination IP addresses. (19517, 30637) Add options to CLI, web UI and RCI to save encrypted passwords and keys in the configuration backup file. Configuration restore accepts either encrypted or plain text passwords and keys. (15108) Change the signature method on the self-generated, self-signed certificate from MD5 to SHA1. Although MD5 is not generally unsafe, SHA1 is deemed to be the most secure. All browsers or SSL clients recognize SHA1 instead of MD5. Expose 'rmdir' and 'rename' calls to Python through POSIX wrapper. Update the web UI for IP Forwarding Settings to show the maximum number of entries for Static routes and "Forward TCP/UDP/FTP connections...". (31866) ENHANCEMENTS in 82001660_D1 subsequent to 82001660_D: Add support to send login success and failure traps via SNMP when a user logs into the device using HTTP or HTTPS. On the Alarms Settings web page and in associated help, clarify that the SMS feature must be enabled to successfully send alarms via SMS. Improve the information sent for some alarm conditions when e-mail or SMS is the configured method for sending the alarm. BUG FIXES: Correct a problem in selecting (enabling) some mobile service frequency bands when using the Siemens/Cinterion modems. This change accommodates particular environments in which some mobile service providers operate using typical North American frequencies (850 and 1900 MHz) while others operate using typical European frequencies (900 and 1800 MHz). (30705) When cellular PPP instance settings are set via RCI, mobile PPP settings are set instead to maintain backward compatibility. Change this to also enable the cellular PPP instance, which allows cellular connections to be fully enabled via RCI. (31946) Remove reference to GSM from RSSI alarms in web UI. (25830) Check if enough free memory is available to handle a firmware update from the iDigi Server (Connectware Manager) and return an appropriate error response if not. (31321) Fix a bug that limited length of the primary SNMP destination field in the SNMP Settings web UI. (31895) Add a change to work around a problem in which Digi products do not accept gateways from Apple's Airport Extreme when the Digi product is configured as a DHCP client and the Apple is the DHCP server. (31166) Add Mobile System Information help text to the web UI help information. (31839) Improve a condition under which client-initiated connections to the iDigi Server (Connectware Manager Server)) won't start unless the "Reconnect after..." box is checked. (31885) Eliminate several memory leaks. BUG FIXES in 82001660_D1 subsequent to 82001660_D: Fix a bug in which login success and failure traps were not being sent via SNMP when a user logs into the device using SSH. (32161) Fix a bug that could cause the device to reboot when an alarm is sent via SMS. Fix a condition in which some specific characters could not be sent in SMS messages sent by Python. The characters are: [ \ ] ^ { | } ~ 82001660_D (2.9.0.5) - October 17, 2009 Not released for customer use. See ENHANCEMENTS and BUG FIXES information for 82001660_D1 EOS. 82001660_C1 (2.8.4.16) - August 28, 2009 ENHANCEMENTS: None. BUG FIXES: Fix a memory leak that may occur when DNS lookups are performed. Although the leak is small, it can lead to memory exhaustion in systems that perform many DNS operations, such as some iDigi client configurations. (30870) 82001660_C (2.8.4.7) - March 31, 2009 ENHANCEMENTS: CELLULAR ENHANCEMENTS: Add capability to report ICCID of the SIM cards. Improve mobile band and carrier selection for GSM modules. Add warning and informational text to web UI, carrier scan wizard and web help. For carrier selection, indicate discovery of 2G and 3G carriers when displayed in the carrier scan wizard. (25271, 28118, 29251) Add information to the event log and the UI (CLI, web and RCI) that indicates the user's choice of manual or automatic cellular band and carrier selection. (24942) Improve the CDMA module provisioning wizard: - Enable PPP on successful provisioning. (29078) - If network provisioning fails, offer a choice of retrying network provisioning, instead of manual provisioning. Choice of manual is available only at the start of the provisioning wizard. Add support to SNMP for mobile link up/down traps. (25003) GENERAL/OTHER ENHANCEMENTS: Add configuration web page for MEI in all MEI-capable products. Update "display techsupport" to include new and additional commands. Add the current date/time to the device status display (CLI and web UI), in addition to the uptime value for the device. For event logging, add the device uptime to end-of-log display line (both CLI and web UI), if the timestamp display for logging is other than the uptime (such as date/time). Add simple CLI to manipulate the time source management settings. See CLI command "set clocksource". Use NMEA 0183 default settings for GPS profile. These settings are: 4800,8,N,1,no flow control. (29439) BUG FIXES: CELLULAR BUG FIXES: Fix a panic in the mobile carrier scan thread in the web UI. (26476) Fix a bug in which PPP statistics may display as negative values in "display pppstats". (related to 22844) Correct a bug in which e-mail alarms and snmp traps are not working for a mobile configuration change event. (26810) Fix a bug in which selecting a GPS profile for a serial port, causes the device to not connect to the cellular network. (28908) Fix a high CPU utilization issue that occurs while PPP is bringing up a connection. (29771) Fix a problem in which the network time acquired by the Siemens MC75 or TC63 modem, was improperly used to update the system's real time clock. (29646) Fix a problem in which a mobile PPP connection failed or was very slow to be established using a Siemens MC75 or TC63 modem in Europe. The incorrect 2G GSM frequencies were being configured as "preferred bands" resulting in a long delay before the correct European bands were used. (29849) GENERAL/OTHER BUG FIXES: Implement RFC-specified validation for a hostname, per the requirements for DHCP option 12. The RFCs consulted include 952, 1035, 1123 and 2132. The maximum length of the hostname is increased to 127, increased from 31. Support for a FQDN also has been implemented. Web UI help has been updated to describe a valid hostname construction. (27588) Strip carriage returns from TFTP loaded Python scripts. (26971) Add a very basic stat call for FAT FS, so we can report st_size. (22785) Add a check to the DHCP server to accept datagrams only if received on the interface being served by the DHCP server. Affects only devices with multiple LAN interfaces Fix a bug that occurs when restoring a public key: the value is set to the key plus additional bytes, resulting in a corrupt key. (27780) Add option value ranges to CLI "udpserial" command help. (29034) If a public key has been enabled for SSH, allow authentication based on the key regardless of the password setting. Dynamically generate a list of accepted authentication methods based on the configuration of the device. (27834) 82001660_B (2.8.1.10) - October 21, 2008 ENHANCEMENTS: Improve configuration settings implementation to use less memory, better support customized defaults and more effectively manage NVRAM. Add dynamic web page generation support for native web server from Python. Add support for Connectware Manager Web Services. Add support for file system access from Connectware Manager. Add native GPS support with Geofencing application. Add automatic failover from one network interface to another as the default gateway using customer-configurable rules. Failover-capable interfaces include cellular and Ethernet. Allow the system time to be set from the Cellular System Time. Support a Customizable Dialserve Initialization String. Split apart support for the Web Server (HTTP) service and Secure Web Server (HTTPS) service so they are managed independently of one another. Change mobile PPP interface to be always "mobile0" rather than a set of "pppX" interfaces where X varies among products. Add an on-board Primary Roaming List (PRL) update mechanism for Sierra Wireless CDMA/EVDO cellular modules. Add DMZ support to the NAT feature. Add options to set the DNS priorities and gateway priorities lists from the command-line. (27324) Added these options to "set network": gwpriority=(comma-separated interface name list) dnspriority=(comma-separated priority list) Event logging enhancements. - For "uptime", display days+hh:mm:ss versus a time in seconds. - In CLI, support user-selectable time display format. - Automatically determine appropriate time display format according to time source availability and use in a given product. Add start-up event logging in the "system" facility of these items: - product name and ID - model name (if different than the product name) - firmware (EOS) version - boot version - POST version - manufacturing VPD version (build tag) - hardware strapping value The above information is also shown by the "display device" command. Enhance the Event Logging feature to permit the user to clear the log on demand, thereby removing all log entries. This is supported in the web UI (Event Logging page) and the CLI ("display logging action=clear"). Add two new options to the CLI command "display logging": head=(lines) tail=(lines) where "(lines)" is a number of log entries to display. The "head" option displays lines from the start of the event log (the oldest entries), and the "tail" option displays lines from the end of the event log (the most recent entries). (25091) Reduce runtime memory usage, including both executable code and data. The firmware image size also is somewhat reduced. This results in more available memory in the Digi device, which can help improve performance during intervals of high memory demand operations. Improve the DHCP client capability so it persists in attempting to acquire IP configuration information if the DHCP client is enabled in the device configuration settings, and the DHCP client fails to acquire the IP configuration. This could occur if no DHCP server was available when the device booted, or if the Ethernet cable was disconnected at that time. Improve the detail reported in "display techsupport" for the network settings. Specifically, use "show network globalsettings if=*" to report everything available ("show network" is less complete). Add service provider support for Bell Mobility. BUG FIXES: Fix e-mail alarm failures. (26107, 25684, 25810) Correct a time rollover bug (wraparound to zero) in the Event Log. Fix a problem in which packets would have a zero Ethernet MAC address for up to four minutes when running in IP Pass-through mode. (26760) Fix memory leak related to RCI requests. Increase the general event log maximum message size to avoid message truncation. (24640) 82001660_A1 (2.7.0.20) - July 21, 2008 ENHANCEMENTS: Add support for the Siemens MC55 (GSM-R) air interface card. Add "show ddns" to the list of commands run by "display techsupport". (25725) BUG FIXES: None. 82001660_A (2.7.0.18) - February 12, 2008 Initial release.