Release Notes PN 93000695_B
Connect WAN IA (Cellular Modbus Bridge)
82001661_B EOS
October 21, 2008

INTRODUCTION

This is a production release of firmware for Digi's Connect WAN IA.
The WAN IA starts with the feature set of Digi's Connect WAN VPN, then
adds support for Industrial Automation protocols and capabilities.
See http://www.digi.com/support/ for complete documentation related to
these protocols and special capabilities.

The Connect WAN IA, part of the Digi Remote Site Management line of
products, provides an alternative to traditional wired TCP/IP Wide Area
Networks (WANs), utilizing global wireless Cellular technology to create
primary and backup network connectivity. It offers an easy,
cost-effective means of connecting virtually any remote location or
device into the corporate IP network.

The standard Connect WAN IA hardware includes screw terminals for
10-30vdc power supply and EIA-232/422/485 field selectable serial port.

SUPPORTED PRODUCTS

Connect WAN IA 1X
Connect WAN IA Edge
Connect WAN IA GPRS
Connect WAN VPN GSM-R

SUPPORTED AIR INTERFACES

Kyocera M200 (CDMA 1X)
Siemens MC75 (Edge)
Siemens TC63 (GPRS)
Siemens MC55 (GSM-R)

ENHANCEMENTS

Industrial Automation feature enhancements:

- Enhance the IA Modbus configuration via the Web UI. "Industrial
  Automation" is now listed in the "Application" section of the menu.
  Previously, IA configuration was available only as a port profile
  selection when configuring a serial port.

- The "Set IA Route" setting for protocol address range (protaddr) has
  been converted to a more flexible scattered-list form. While the old
  setting was limited to single numbers or ranges (example: 1 or 10-19),
  the new form allows a collection of single numbers and ranges
  separated by commas (example: 1,5,10-19,25,7,8). The comma-separated
  items can be in any order; however, a range must be "min-max". Total
  size is limited to 78 characters.

- IA Modbus bridging now tracks basic min/max/average time stats for
  poll response times.
  These are printed out using the "set trace mask=ia:i" setting.

- IA Bridging Master, Serial and Table-Route now have a new setting
  named lineturndelay, which has three modes:
  * off (which is the default)
  * lineturn, which enables a smart delay in sending a new request
    given the last response, promising a minimum idle time on the line.
  * response, which artificially delays any response, throttling
    transaction rates for cost sensitive media like cellular and for
    duty-cycle sensitive products.

- If the IA Bridging lineturndelay setting is not off, then the setting
  lineturntime allows entering milliseconds to be used for the delay.

Improve configuration settings implementation to use less memory, better
support customized defaults and more effectively manage NVRAM.

Add dynamic web page generation support for native web server from
Python.

Add support for Connectware Manager Web Services.

Add support for file system access from Connectware Manager.

Add native GPS support with Geofencing application.

Add VPN "Responder Only" feature.

Add automatic failover from one network interface to another as the
default gateway using customer-configurable rules. Failover-capable
interfaces include cellular and Ethernet.

Allow the system time to be set from the Cellular System Time.

Support a Customizable Dialserve Initialization String.

Split apart support for the Web Server (HTTP) service and Secure Web
Server (HTTPS) service so they are managed independently of one another.

Change mobile PPP interface to be always "mobile0" rather than a set of
"pppX" interfaces where X varies among products.

Add an on-board Primary Roaming List (PRL) update mechanism for Sierra
Wireless CDMA/EVDO cellular modules.

Add DMZ support to the NAT feature.

Add options to set the DNS priorities and gateway priorities lists from
the command-line. (27324)
Added these options to "set network":

    gwpriority=(comma-separated interface name list)
    dnspriority=(comma-separated priority list)

Event logging enhancements.
- For "uptime", display days+hh:mm:ss versus a time in seconds.
- In CLI, support user-selectable time display format.
- Automatically determine appropriate time display format according to
  time source availability and use in a given product.

Add start-up event logging in the "system" facility of these items:
- product name and ID
- model name (if different than the product name)
- firmware (EOS) version
- boot version
- POST version
- manufacturing VPD version (build tag)
- hardware strapping value
The above information is also shown by the "display device" command.

Enhance the Event Logging feature to permit the user to clear the log on
demand, thereby removing all log entries. This is supported in the web
UI (Event Logging page) and the CLI ("display logging action=clear").

Add two new options to the CLI command "display logging":

    head=(lines)
    tail=(lines)

where "(lines)" is a number of log entries to display. The "head" option
displays lines from the start of the event log (the oldest entries), and
the "tail" option displays lines from the end of the event log (the most
recent entries). (25091)

Reduce runtime memory usage, including both executable code and data.
The firmware image size also is somewhat reduced. This results in more
available memory in the Digi device, which can help improve performance
during intervals of high memory demand operations.

Improve the DHCP client capability so it persists in attempting to
acquire IP configuration information if the DHCP client is enabled in
the device configuration settings, and the DHCP client fails to acquire
the IP configuration. This could occur if no DHCP server was available
when the device booted, or if the Ethernet cable was disconnected at
that time.

Improve the detail reported in "display techsupport" for the network
settings. Specifically, use "show network globalsettings if=*" to report
everything available ("show network" is less complete).

Add service provider support for Bell Mobility.
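
The scattered-list protaddr form described under ENHANCEMENTS can be
checked before a route setting is pushed to a device. The Python below is
an added example, not Digi code: the 0-255 address bounds, the rejection
of spaces, the function names and the sample route names are assumptions,
since the notes state only the item syntax and the 78-character limit.

```python
import re

MAX_LEN = 78                 # total size limit given in the release notes
ADDR_MIN, ADDR_MAX = 0, 255  # assumption: one-byte Modbus address; the notes give no bounds
_ITEM = re.compile(r"([0-9]{1,3})(?:-([0-9]{1,3}))?")

def parse_protaddr(value):
    """Return the sorted addresses covered by a protaddr list; raise ValueError if malformed."""
    if len(value) > MAX_LEN:
        raise ValueError(f"{len(value)} characters exceeds the {MAX_LEN}-character limit")
    covered = set()
    for item in value.split(","):
        m = _ITEM.fullmatch(item)
        if m is None:
            raise ValueError(f"{item!r}: expected a number or min-max")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) is not None else lo
        if lo > hi:
            raise ValueError(f"{item!r}: a range must be min-max")
        if lo < ADDR_MIN or hi > ADDR_MAX:
            raise ValueError(f"{item!r}: outside {ADDR_MIN}-{ADDR_MAX}")
        covered.update(range(lo, hi + 1))
    return sorted(covered)

def to_protaddr(addresses):
    """Collapse addresses into a compact, sorted list of single numbers and ranges."""
    items, start, prev = [], None, None
    for a in sorted(set(addresses)):
        if start is None:
            start = prev = a
        elif a == prev + 1:
            prev = a
        else:
            items.append(str(start) if start == prev else f"{start}-{prev}")
            start = prev = a
    if start is not None:
        items.append(str(start) if start == prev else f"{start}-{prev}")
    return ",".join(items)

def shared_addresses(routes):
    """Map each address claimed by more than one route to the route names claiming it."""
    owners = {}
    for name, value in routes.items():   # names and values are constructed samples
        for a in parse_protaddr(value):
            owners.setdefault(a, []).append(name)
    return {a: names for a, names in owners.items() if len(names) > 1}
```

How the device chooses between routes that claim the same address is not
described in these notes, so shared_addresses only reports them for review.
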

BUG FIXES

Fix e-mail alarm failures. (26107, 25684, 25810)

Correct a time rollover bug (wraparound to zero) in the Event Log.

Eliminate a memory leak on the VPN identity key/certificate web page.
(26255)

Correct a bug in which two of the options of the "set vpn global" CLI
command didn't work as the CLI help stated. Specifically, the options
"suppress_phase1_lifetimes" and "suppress_delete_sa_for_pfs" are
documented to accept "on" and "off" as values. However, the command was
expecting "yes" and "no" instead. The command has been modified to
accept "on" and "off" as documented, and "yes" and "no" are still
accepted as valid option values. (26607)

Fix VPN tunnel settings backup/restore issues. (26648, 25010)
  o Default settings could be backed up but not restored for some
    options (such as "host address" of 0.0.0.0).
  o The manual tunnel outbound authentication algorithm "SHA1" could not
    be restored. It could be set correctly by use of CLI command and web
    page settings.

Fix a problem in which packets would have a zero Ethernet MAC address
for up to four minutes when running in IP Pass-through mode. (26760)

Fix memory leak related to RCI requests.

Increase the general event log maximum message size to avoid message
truncation. (24640)

KNOWN ISSUES

- Digi RealPort can only be used if the Modbus Bridge function is
  disabled. You cannot use RealPort with Modbus/RTU or ASCII to access
  the Modbus Bridge function.

- Do not attempt to "Port Forward" TCP 502 or UDP 502 to local
  Modbus/TCP servers while the Modbus Bridge is active - this causes
  NEITHER function to work. Disable the Modbus Bridge if you desire
  traditional Router/NAT function for Modbus/TCP port 502.

- Problems have been encountered with some Linksys VPN appliance models
  when using different Diffie-Hellman group settings for phase 1 and
  phase 2. To work around this issue and successfully establish the VPN
  tunnel, use the same Diffie-Hellman group for both phase 1 and phase 2
  settings.

DOCUMENTATION ERRATA

None.

ADDITIONAL INFORMATION

It is recommended that you perform a backup of your device's settings
prior to upgrading your firmware. If you need to revert to a previous
version of firmware, the backup ensures that you can restore your device
to its previous settings in the event that some settings are not
restored properly after downgrading the firmware.

To back up your device settings, follow this simple procedure:

1) Open the web user interface and navigate to the "Administration"
   section and select "Backup/Restore".
2) Click the "Backup" button and select the location where you want to
   save your backup file.

To restore:

1) Navigate to the same section within the web UI.
2) Click the "Browse" button to select the backup file you saved in the
   previous steps.
3) Click the "Restore" button to upload the configuration settings
   contained in your backup file.

On initial boot of this device, it will generate some encryption key
material: an RSA key for SSL/TLS operations, and a DSA key for SSH
operations. This process can take as long as 40 minutes to complete.
Until the corresponding key is generated, the device will be unable to
initiate or accept that type of encrypted connection. It will also
report itself as 100% busy but, since key generation takes place at a
low priority, the device will still function normally. On subsequent
reboots, the device will use its existing keys and will not need to
generate another unless a reset to factory defaults is done, which will
cause a new key to be generated on the next reboot.

HISTORY

82001661_B (2.8.1.10) - October 21, 2008

  See ENHANCEMENTS and BUG FIXES information above.

82001661_A1 (2.7.0.20) - July 21, 2008

  ENHANCEMENTS:

  Add support for the Siemens MC55 (GSM-R) air interface card.

  Add "show ddns" to the list of commands run by "display techsupport".
  (25725)

  BUG FIXES:

  Remove the VPN "interfaces" (vpn0, etc.) from the list of valid
  interfaces for configuring a static route.
  These are not true network interfaces in Digi's network stack. They
  are not suitable for static routes, since only IPSEC policies may be
  used for the purpose of routing packets through tunnels. These VPN
  pseudo-interfaces are meaningful only for the VPN "Virtual Host" mode.

82001661_A (2.7.0.18) - February 12, 2008

  Initial release.