Release Notes PN 93000698_N3 Digi ConnectPort X4 Digi ConnectPort X4 4G Digi ConnectPort X4 IA Digi ConnectPort X4 4G IA 82001536_N3 EOS 82003073_M EOS Version 2.17.3.2 INTRODUCTION This is a production release of firmware for the Digi ConnectPort X4 and Digi ConnectPort X4 4G. The product name (X4 or X4 4G) is determined when the product is manufactured, according to its networking capabilities. The Digi ConnectPort X4 (and X4 4G) is a hardened, upgradeable wireless gateway for Drop-in Networking. The ConnectPort X4 aggregates and transports ZigBee/802.15.4 network traffic to central data applications over cellular, Wi-Fi, or Ethernet connections. The ConnectPort X4 4G supports IEEE 802.16e, known as WiMAX (Worldwide Interoperability for Microwave Access), rather than cellular as the mobile wireless technology. ConnectPort X4 gateways are a key element of Digi's Drop-in Networking family of products - a collection of hardware components that also includes Digi's XBee (R) adapters, modules, extenders, and bridges - which together enable distributed electronic devices to be wirelessly networked where no wired infrastructure exists, or where access to an existing network is prohibited. The ConnectPort X4 (and X4 4G) includes support for Industrial Automation protocols and capabilities. See http://www.digi.com/support/ for complete documentation related to these protocols and special capabilities. The standard ConnectPort X4 IA (and X4 4G IA) hardware includes screw terminals for 9-30Vdc power supply and EIA-232/422/485 field selectable serial port. SUPPORTED PRODUCTS Digi ConnectPort X4 Digi ConnectPort X4 NEMA Digi ConnectPort X4 4G Digi ConnectPort X4 4G NEMA Digi ConnectPort X4 IA Digi ConnectPort X4 4G IA SUPPORTED CELLULAR MODEMS Within the cellular product family, Digi has continued to add support for cellular modules as vendors make updates and improvements to support the latest chipsets and cellular technology. As new modules come on the market and older ones go obsolete, Digi is committed to supporting the products we have sold and continue to sell to our customers. The level of support that we are able to provide falls into one of the following categories: 1) Full Support These modules are shipping in Digi products. An essential part of our product testing is to make sure these modules are compatible and function properly. Operational and performance issues with these modules that are found by customers will be verified, scoped and scheduled to be fixed in an upcoming firmware release. Siemens/Cinterion: MC75 REL 4, REVISION 04.001 TC63 REL 3, REVISION 03.001 Sierra Wireless: MC5725, p2005001,20224 [Sep 21 2006 15:43:22],, VID: PID: MC5727, Modem Revision: p2410701,51240 [Nov 08 2007] BOOT: SWI6800V2_PP.01.07.01 2007/11/08 APPL: SWI6800V2_PP.01.07.01 2007/11/08 MC8775, H1_1_9_3MCAP C:/WS/FW/H1_1_9_3MCAP/MSM6280/SRC 2007/12/12 MC8790, Revision ID: K1_0_2_8AP C:/WS/FW/K1_0_2_8AP/MSM6290/SRC 2008/09/17 Ericsson: F3507g, Revision ID: R1D06 F3307, Revision ID: R2A11 F3607gw, Revision ID: R1G08 F5521gw, Revision IDs: R1C04, R2A07 Option Wireless: GTM382, Revision IDs: 1.4.6.0Hd (Date: Oct 1 2008, Time: 11:50:07) 1.8.0.0Hd (Date: Jan 14 2009, Time: 14:46:50) 1.9.1.0Hd (Date: Mar 26 2009, Time: 09:10:10) Qualcomm Gobi 2000 (not including Cellular-Ready models): Sprint Verizon Generic HSPA Huawei EM680 w/Gobi Technology (Gobi 3000): Sprint Verizon Generic HSPA Note: Service provider firmware must be pre-loaded on modem. Fusion Wireless: FW2763p, Revision ID: 8.5.16, 8.5.17 Telit: HE910, Revision ID: 12.00.003 2) Partial Support These modules had shipped in Digi products in the past but are no longer actively supported by the module vendor. Firmware testing no longer includes these modules, however every attempt is made to maintain support as features and improvements are implemented. Issues with these modules that are found by customers will be verified, scoped and either scheduled to be fixed or a newer, supported module offered as an upgrade option. Siemens/Cinterion: MC75 REL 2, MC75 REL 3, TC63 REL 2 Sierra Wireless: MC5720, MC8755 3) Limited Support These modules have never shipped in Digi products and have never been part of firmware testing and verification efforts. These modules may be similar to full/partially supported modules by the same vendor and may even have been informally tested and shown to work in Digi products. Operational and performance issues with these modules that are found by customers will be evaluated and scoped to be fixed on a business case basis. Siemens/Cinterion: MC55, MC56 Sierra Wireless: MC8780, MC8781, MC8775V, MC5725V, MC8755V, MC8765, MC8785V, MC8700 Ericsson: F5321gw, Revision IDs: R1C04, R1C08 H5321gw, Revision IDs: R1C04, R1C08 Option Wireless: GTM378, Revision IDs: 2.4.2Hd (Date: Aug 24 2007, Time: 14:27:26) 2.5.10Hd (Date: Feb 04 2008, Time: 14:25:03) 2.5.13Hd (Date: Feb 18 2008, Time: 18:31:16) GTM380, Revision ID: 2.8.0Hd (Date: Oct 11 2007, Time: 10:20:29) Huawei: EM770W HSPA, Revision ID: 11.128.03.00.00 EM820W HSPA+, Revision ID: 11.810.09.05.00 Revision ID: 11.810.09.54.00 Fusion Wireless: FW2770p, Revision ID: 8.5.16 Telit: DE910-DUAL, Revision ID: 15.00.021 (Verizon) 4) Not Supported These modules have never shipped in Digi products and are known to be incompatible. Siemens/Cinterion: TC65 Sierra Wireless: EM3420, EM5625 SUPPORTED WiMAX MODULES GCT / Quanta Microsystems, Inc.: WM553 HIGHLIGHTED PRODUCT CHANGES Starting with the 2.17.0 firmware version, iDigi has been rebranded as Device Cloud Starting with the 2.15.0 firmware version, the changes described in this section are incorporated in this product. Please refer to the HISTORY section of these release notes to identify the specific revision in which these changes were introduced. 82001536_L (2.15.0.6) 82003073_L (2.15.0.6) Introduce a new ConnectPort X4 firmware part, 82003073. This firmware is intended for use on the legacy 16MB CPX4 devices. The firmware supports the same features as the 82001536 firmware, with these differences: o Supports only legacy cell modules that were released with the 16MB devices, including: - Siemens/Cinterion MC75/TC63/MC55 - Sierra Wireless MC87xx (GSM) and MC57xx (CDMA). o WiMAX support is removed. o Dual SIM support is removed (original hardware didn't have dual SIM). o The number of dedicated Ethernet receive buffers is reduced to 32 from 64 to reduce runtime memory use. While the 82001536 firmware will run correctly on the 16MB devices, it may not be possible always to upgrade to the 82001536 firmware due to a lack of available memory for the upgrade process. Upgrade to the 82003073 firmware and use it, or perform a follow-up upgrade from 82003073 to the 82001536 firmware if that is necessary for some reason. Starting with the 2.14.1 firmware version, the changes described in this section are incorporated in this product. Please refer to the HISTORY section of these release notes to identify the specific revision in which these changes were introduced. 82001536_K2 (2.14.1.15) NEW iDIGI MANAGEMENT DEFAULTS Firmware defaults have been changed to enable connectivity to the iDigi(R) Device Cloud and automatic registration of the device to the iDigi(R) Support+ account. Services for registered devices include remote Digi Technical Support, with access to a wider range of remote capabilities through the creation of an iDigi Manager Pro account. iDigi Manager Pro is a web-based service that provides central and remote device management tools including: o Downloading of new software and updates o Editing of configurations and settings o Establishing user accounts with privileges o Selecting additional security measures For more information, visit www.idigi.com. ** NOTE: The following iDigi management defaults change and procedure applies to product versions that provide only an Ethernet or Wi-Fi network interface. Specifically, these defaults DO NOT APPLY to products that include a cellular or WiMAX WAN interface. To disable the iDigi default connection: 1. Open the web UI of the gateway using the method outlined in the Quick Start Guide. 2. Navigate to the "Configuration > iDigi" section. 3. On the "Connection Settings" panel, uncheck the box labeled "Enable Device-Initiated iDigi Connection". 4. Press the "Apply" button. 5. Re-boot the gateway. ** NOTE: The following procedure is applicable only to product versions that support Short Message Service (SMS). Products that do not support SMS will not display the user interface described below. To disable the iDigi Short Messaging (SMS) Opt-In capability: 1. Open the web UI of the gateway using the method outlined in the Quick Start Guide. 2. Navigate to the "Configuration > iDigi" section. 3. On the "Short Messaging" panel, uncheck the box labeled "Opt-in". To completely disable iDigi SMS, uncheck the box labeled "Enable iDigi SMS". 4. Press the "Apply" button. 5. Re-boot the gateway. 82001536_K (2.14.1.6) NEW iDIGI MANAGEMENT DEFAULTS ** NOTE: The new iDigi management defaults change (described below) applies to ConnectPort X4 products that provide only an Ethernet or Wi-Fi network interface. Specifically, these defaults DO NOT APPLY to products that include a cellular or WiMAX WAN interface. Firmware defaults have been changed to enable connectivity to the iDigi(R) Device Cloud and automatic registration of the device to the iDigi(R) Support+ account. Services for registered devices include remote Digi Technical Support, with access to a wider range of remote capabilities through the creation of an iDigi Manager Pro account. iDigi Manager Pro is a web-based service that provides central and remote device management tools including: o Downloading of new software and updates o Editing of configurations and settings o Establishing user accounts with privileges o Selecting additional security measures For more information, visit www.idigi.com. To disable the iDigi default connection: 1. Open the web UI of the gateway using the method outlined in the Quick Start Guide. 2. Navigate to the "Configuration > iDigi" section. 3. On the "Connection Settings" panel, uncheck the box labeled "Enable Device-Initiated iDigi Connection". 4. Press the "Apply" button. 5. Re-boot the gateway. Starting with the 2.13.0 firmware version, the changes described in this section are incorporated in this product. Please refer to the HISTORY section of these release notes to identify the specific revision in which these changes were introduced. 82001536_J (2.13.0.7) HIGHER PERFORMANCE FILESYSTEM (YAFFS) ** IMPORTANT NOTICE: ** PLEASE READ THE FOLLOWING INFORMATION BEFORE UPGRADING THE FIRMWARE. A new filesystem type, YAFFS, is introduced in this release. YAFFS replaces the previous filesystem, NAFS. The YAFFS filesystem offers improved efficiency and performance over its predecessor. YAFFS is used for both the device configuration storage area and the general filesystem in the device. When upgrading the firmware on a device that is running an earlier version of firmware, the new firmware, when it boots for the first time, will perform a one-time, in-place migration (conversion) to YAFFS of the existing NAFS filesystems. All files from the filesystem will be read into memory, and then the files will be rewritten into a YAFFS filesystem. During the conversion, the Status LED on the device will blink at a fast rates, and it will turn off when done. If the conversion fails, the LED will stay on and wink momentarily off once a second. If the LED winks like this, the most likely resolution is to copy and remove some of the files from the WEB filesystem and reboot the device. Once converted, copy the files back into the unit. ** NOTE: After this new firmware version has been installed, older firmware versions that support NAFS may no longer be installed on the device, to avoid corrupting the YAFFS filesystems. MULTIPLE USER SUPPORT An enhanced device user model is now supported in this product. It is now possible to configure multiple user accounts in the device settings. Different users can be given different access permissions, which can be used to restrict user access to features as "read only" or not accessible. A user account begins with a username and password. Each user may be configured to allow access to the device via the Command Line Interface (CLI) and/or the Web User Interface (browser). SSH (secure shell) Public Key Authentication (RSA public key) also may be configured for each user. Access permissions to the various device features may be selected for individual users as well. The requirement that a user must log into the device to access it, is a configuration choice for this product. If logins are required to access the device, all users will be required to log in. In that case, the individual user permissions are observed to access the various features of the product. If logins are not required, no permissions validation is performed, and all features are available. If this firmware is used to upgrade an earlier firmware revision that did not support the multiple user model, the login requirement, username, password and SSH public key settings will be migrated from the previous "single user model" settings to become those of the "root" user in the new firmware. CLOCK (TIME) SOURCE MANAGEMENT SUPPORT The "Clock Source" functionality of the system has been replaced so as to simplify the behavior and improve the consistency of the time values delivered by the system, while still allowing the system to maintain a level of synchronization with external time sources. The updated feature includes a ranking system for clock sources. If a sample is taken from a better clock source than what has thus far been received (has a smaller number), the sample will be used to influence the baseline of our time measurements, and all sources of a less significant rank will be temporarily disabled. This allows the system to get a relatively accurate sense of time as quickly as possible, but eventually to run only listening to the best possible external sources. Internally, on products that have an RTC, the RTC itself is given a ranking of 50. This allows clock sources to be configured with a lower ranking... arranging so that they are only enabled when the RTC has not yet been initialized with a time value, essentially assigning them as one-shot programmers of the RTC. The rankings are re-evaluated when the clock sources are reconfigured, or when a user interface causes a "jump" in the time. Event logging of time-related events also is improved. The event log may be displayed using the "display logging" CLI or via the web UI. IDIGI SMS SUPPORT The iDigi SMS feature allows mobile-enabled (cellular) devices to communicate with iDigi using SMS (Short Message Service) messages. iDigi SMS features include: - Device management - Data messages to python applications - Data collection messages from the device to iDigi, including Dia integration. See www.idigi.com for more information on iDigi. ENHANCEMENTS None BUG FIXES NDS-123, fixed vulnerability to CVE-2014-3566 (poodle SSLv3 vulnerability) KNOWN ISSUES You may encounter "out of memory" problems when upgrading to the latest version of the 82001536 firmware, if you are trying to upgrade an older ConnectPort X4 device that has only 16MB of RAM (rather than 32MB as is in the newer devices). In this case, please upgrade using Digi firmware part 82003073, which is slightly smaller and uses less memory than is the case for 82001536. Refer to the "HIGHLIGHTED PRODUCT CHANGES" section for additional information. Problems have been encountered with some Linksys VPN appliance models when using different Diffie-Hellman group settings for phase 1 and phase 2. To work around this issue and successfully establish the VPN tunnel, use the same Diffie-Hellman group for both phase 1 and phase 2 settings. Digi RealPort can only be used if the Modbus Bridge function is disabled. You cannot use RealPort with Modbus/RTU or ASCII to access the Modbus Bridge function. Do not attempt to "Port Forward" TCP 502 or UDP 502 to local Modbus/TCP servers while the Modbus Bridge is active - this causes NEITHER function to work. Disable the Modbus Bridge if you desire traditional Router/NAT function for Modbus/TCP port 502. IA routes targeting Zigbee/PWAN remotes assume each route can run independently. Thus three routes targeting the same extended MAC might potentially try to send three requests at once, which will confuse a serial protocol like Modbus/RTU. Use the new "scattered-route" design to convert such multiple routes to a single route, which promises only one outstanding request is sent at once. DOCUMENTATION ERRATA None. ADDITIONAL INFORMATION It is recommended that you perform a backup of your device's settings prior to upgrading your firmware. If you should need to revert back to a previous version of firmware, this will ensure that you will be able to restore your device to its previous settings in the event that some settings are not restored properly after downgrading the firmware. To backup your device settings, follow this simple procedure: 1) Open the web user interface and navigate to the "Administration" section and select "Backup/Restore". 2) Click the "Backup" button and select the location to where you want to save your backup file. To restore: 1) Navigate to the same section within the web UI. 2) Click the "Browse" button to select the backup file you saved in the previous steps. 3) Click the "Restore" button to upload the configuration settings contained in your backup file. On initial boot of this device, it will generate some encryption key material: an RSA key for SSL/TLS operations, and a DSA key for SSH operations. This process can take as long as 40 minutes to complete. Until the corresponding key is generated, the device will be unable to initiate or accept that type of encrypted connection. It will also report itself as 100% busy but, since key generation takes place at a low priority, the device will still function normally. On subsequent reboots, the device will use its existing keys and will not need to generate another unless a reset to factory defaults is done, which will cause a new key to be generated on the next reboot. HISTORY 82001536_N (2.17.0.5) ENHANCEMENTS Rebranded "iDigi" as "Device Cloud" Added full support for the Telit HE910 Cellular Modem (Revision ID: 12.00.003) BUG FIXES Don't block forever when radio serial port is flow controlled. Part of a fix for (NDS-19) Treat self-addressed TX status (0x23) as a successful transmission. Needed to support 2xB1 and 4x23 and future XBee firmware. Fixed a bug that updated XBee last contact time for a node no longer on the network during ZDO node discovery Fix XBee bug that sent repeated LQI requests when response contains no entries. Happens during ZDO node discovery with 4023 firmware. Cancel queued and pending XBee commands when gateway is disabled. Caused 900HP and potentially others to lock up when re-enabled (NDS-20). Fix a bug that used too small a buffer when processing ZDO address, routing, and LQI responses from an S2C node. Use the gateway as the default node for xbee child_table and neighbor_table commands. (DBL-143) Fixed a bug where an unauthenticated user could delete a file from the filesystem (NDS-69) 82001536_M (2.16.0.2) - December 21, 2012 82003073_M (2.16.0.2) - December 21, 2012 ENHANCEMENTS Add support for XBee-Pro 900HP S3B radio, including OTA firmware updates XBee ZB OTA update improvements: - Recover nodes that have failed an OTA update and are on the default channel after reset or losing power. Requires XBee firmware 2xAA or later on the updater node. - Restart update using a different updater node after a failure when automatically selecting an updater. - Use source routes to choose an updater with the shortest route, reject updaters further away in the route than the target, and increase timeouts for longer routes. This is effective only when source routing is enabled. - Use updaters from a previous attempt if updaters cannot be found after an update failure. - When "stop on error" option is enabled, stop all updates when an error occurs, not just automatic updates. - When "stop on error" option is disabled, repeatedly try to update the same node if an error occurs, until cancelled by the user. - Work around XBee bootloader bug that sends NAK on retransmitted block 0xff. Add the CR parameter for XBee ZB radio to XBee advanced settings web page, "set xbee" command, and RCI . (41292) Modify the TCP retransmit timeout (RTO) settings to support different minumum and maximum value ranges. Use of these new ranges may reduce TCP retransmits on mobile networks if application data is sent when the cell modem is in a standby state. The TCP RTO settings are modified to permit a minimum of 30-5000 ms (previously 30-1000) and a maximum of 5-240 seconds (previously 1-240). This system-wide setting affects all TCP connections at the time they are first established. The default values for RTO minimum and maximum are unchanged; only the permissible value ranges have changed. (44960) Add (Mobile Equipment Identifier) to the elements included in the output for a RCI request. This element is included for CDMA modems and for the Gobi module (2000 and 3000), in use for either CDMA or GSM. This value is only meaningful for CDMA, but the Gobi module can be either CDMA or GSM. The MEID value may be reported by iDigi or accessed by Python scripts that run on the Digi device. Improve event log and trace messages to better identify the general cause of a PPP chat script failure. Support differential configuration backups via the web user interface and command line interface (CLI), containing only settings groups whose values differ from the device defaults (settings class and custom defaults). This produces a smaller backup file that is more readily reviewed and perhaps edited for use as a defaults.rci file (custom factory defaults). Select Gobi 3000 firmware for DoCoMo, when DoCoMo is configured as the cellular service provider. Selection of DoCoMo as the service provider is available only on Gobi 3000 modems containing DoCoMo firmware. For the Huawei EM820W GSM cell module, implement limited performance improvements to increase data throughput. This change was implemented due to a customer request. Add conditional support for the Telit HE910 GSM cell module and the Telit DE910 CDMA cell module. Add support for UDP messages using the iDigi short message (SM) protocol. Implement changes for possible programming issues that were identified by a static code analysis tool. The identified issues were reviewed and triaged, with changes resulting in many cases. Issues addressed include possible memory leak elimination, removal of unneeded code, improved error detection and handling, data initialization and buffer overflow prevention. While none of the changes are directly linked to issues reported by customers, the changes do improve overall firmware quality. BUG FIXES Fix "xbee factory_default" command error on non-ZigBee radios. Fix an XBee Python issue: Don't throw exception on register joining device status 0xb1, which means key not found. Set get_node_list() clear parameter default value to True only if performing node discovery. (45027) For XBee, allow sending to a 16-bit network address (e.g. [1234]!) on XBee firmware versions that support it. For XBee, allow RCI get_lqi command on XBee with smart energy firmware. For XBee, fix an incorrect error status following gateway firmware update. (45789) Fix a bug in which a static route might not be successfully added to the IP routing table if it is for the mobile0 interface operating in PPP mode (versus NDIS mode). Fix a bug in the PPP settings (both serial and mobile) in which the maximum value length for the phone number fields was not sufficiently large. Values were limited to four characters rather than the intended maximum of 20. This issue affected iDigi users when configuring these settings. (45000) Fix a bug in the network stack's PPP NAK handling during IPCP negotiations for Primary and Secondary DNS IP addresses. Change the behavior of NAK of those items so a NAK isn't handled as a REJECT in a condition common to many 3G cell modems while waiting for the mobile connection to complete. Rejecting the values previously resulted in the DNS IP addresses no longer being negotiated and therefore not correctly obtained from the cell modem when valid values were finally acquired from the mobile network. Fix a problem in which an outbound TCP packet might get "stuck" in the cell modem when the modem is operating in PPP mode (versus NDIS mode). For the Gobi 2000 and 3000 cell modules, disable downloading of GPS Xtra data on Gobi modems. This was potentially causing excessive data charges. For the Gobi 2000 and 3000 cell modules, remove Ec/Io value reporting when operating on CDMA networks. That value is not correctly computed and reported by the cell modem. The Ec/Io value is still reported for WCDMA in GSM mode. For the Huawei EM820W GSM cell module, the Cell ID value is now reported showing only the low order 16 bits of the possibly 32-bit value. This change was implemented due to a customer request. (45081) For the Huawei EM820W GSM cell module, fix a problem in which SMS messages were not being properly received. (45084) 82001536_L1 (2.15.0.8) - August 17, 2012 82003073_L1 (2.15.0.8) - August 17, 2012 ENHANCEMENTS: For user configuration, improve the web page text and associated help to emphasize the selection of the desired device access and feature permissions for user logins that are added beyond the default "root" user. (44865) BUG FIXES: Fix a bug that may leak critical internal USB resources (request blocks). Loss of too many of these blocks could cause the cellular modem to stop functioning correctly, or it could cause an internal processor data exception resulting in a panic/reboot of the device. Fix a bug that could corrupt the tuple returned by the Python method xbee.get_node_list() when previously discovered nodes are cleared from the list and are no longer discovered. (44746) Fix a bug in which the "file copy ..." CLI command might fail if the destination is a directory rather than a file. 82001536_L (2.15.0.6) - July 20, 2012 82003073_L (2.15.0.6) - July 20, 2012 ENHANCEMENTS: Add support to perform firmware upgrades via the CLI ("boot action=load") and the web UI using files on a FAT32 USB drive local to the Digi device. This feature requires corresponding hardware support in the Digi device. On the USB drive, only access to A/ is supported. The options are described by "help boot". Add support to perform configuration backup/restore operations via the CLI "backup" command and the web UI. Files can be in the internal WEB filesystem or on a FAT32 USB drive local to the Digi device. The USB drive support requires corresponding hardware support in the Digi device. On the USB drive, only access to A/ is supported. Add the CLI "file" command that can copy, remove, rename and list files in the Digi flash filesystems and on a FAT32 USB drive (where supported). For security reasons, the file options copy, remove and rename are not permitted for files in subdirectories of the WEB filesystem (e.g., "python"). The "file" command also supports the display of total/used/available filesystem space. The options are described by "help file". New Packet Capture (PCAP) feature: Add support to the network stack for internal packet captures from various network interfaces. Users can capture packets from eth0, eth1, wln0, mobile0, wmx0 and pppN (serial, N=0-9), with the possible network interfaces differing among Digi products. Only a single interface at a time can be captured. Capture output is a standard PCAP-format stream that can be interpreted by common capture analysis tools. The feature adds a CLI "pcap" command with a variety of options to manage and perform captures. As a security measure, by default, the packet capture capability is disabled when a device boots. There are no stored settings -- all configuration and use of PCAP is a runtime matter after a device boots. The pcap command is hidden from the usual command help unless it is explicitly invoked. Trace output for "pcap" is added to trace capture actions and activity for debugging purposes. Packet captures can be obtained locally to the device from the CLI, with the output written to a local file in the WEB flash filesystem or to a USB drive (A/) on Digi NDS products that incorporate that support. Local captures may be performed as "foreground" or "background" tasks. Captures also can be obtained by connecting to the configured PCAP capture TCP port of the NDS device, when such "network" captures are enabled by the user. This permits "clients" such as netcat to connect and capture the packet stream. Such remote packet captures should not be performed by connecting over the network interface whose packets are being captured. The CLI "pcap" help text documents the various options and caveats for use of the packet capture feature. Improve the network stack's support for unpredictable IP ID use. The change provides better protection against a potential attacker as well as addresses a possible issue with IP fragmentation and reassembly. Address a specific customer issue with NAT for large UDP datagrams that are fragmented and sent in reverse order by a device. Add support for a user-configurable option to relax the NAT trigger matching algorithm to permit transmation and forwarding of IP fragments under out-of-order conditions. This condition is atypical and it is more likely to affect UDP or ICMP than TCP. (41935, 1330099) For the Fusion cellular modules, add support for manual provisioning (activation) for Sprint and Verizon. Add support for OTASP provisioning for Verizon. Sprint provisioning via OMADM is previously supported. Add limited support for the Huawei EM820W HSPA+ cellular modem. For the Huawei EM770 and EM820 modems, add band selection support for WCDMA 900. This is associated with a specific customer request. Add a mobile profile and CDMA fallback feature for cellular modems. The new mobile profile web UI replaces SIM selection on all modems: - Gobi has 4 profiles, with any combination of GSM and CDMA providers. - GSM modems on dual SIM platforms have 2 profiles. - Configuration pages content depends on selected profile (GSM or CDMA). - Hide profile selection on SMS configuration page. - Switch to selected provider before provisioning, PRL update or carrier scan. - Show provisioning status is undetermined if CDMA profile not used yet. - Show active profile priority and provider on mobile status web page, "display mobile" CLI command, RCI command. Add priority and SIM slot (sim_slot) options to "set mobile" CLI command. Add provider and SIM slot to "set mobile" list display. Add an index option to select the profile to "provision" command. Add support for a new Mobile Status MIB, with 39 fixed OIDs. The new MIB is Digi part number is 40002486 (DIGI-MOBILE-STATUS.mib). The Digi SMI enterprise MIB, part number 40002195 (DIGI-SMI.mib) also is updated. The new Mobile Status MIB is distinct from the earlier Mobile Information MIB, part number 40002593 (DIGI-MOBILE-INFORMATION.mib). The new MIB has strictly defined meanings and values for its 39 OIDs. On the Mobile Settings web page, add a checkbox to enable/disable the mobile connection. Add associated web help text for this new option. Note that only the selected mobile profile is affected by the enable or disable action. On the Mobile Settings web page, enhance the T-Mobile (USA) service provider screen: - Permit custom APN specification. (42205) - Support username and password specification. Improve the mobile configuration SureLink "Reboot the device..." feature. In the 2.14.1.6 release, a watchdog was implemented as an adjunct to the SureLink "Reboot the device..." option to warm boot the Digi device if 256 consecutive failed mobile connection attempts occur. That watchdog was not configurable and could not be disabled. For the 2.15.0 release, the "Reboot the device" option default is changed to enabled with a value of 255 consecutive failed connection attempts as the threshold. Setting the value to zero disables the reboot (and watchdog). In addition, the "revert to defaults" code for the SureLink settings is corrected to recognize custom factory defaults and not assume settings class defaults are appropriate. (42443) Add options for automatic PRL updates to CLI "set mobile" (and show). Add help text for the automatic PRL updates option. These changes augment additions to the web UI that were introduced in the 2.14.1.10 release. This capability is applicable for Verizon and the Gobi module only. Standardize the format of the MEID value reported by various cell modules. Some modules include a leading 0x, whereas others do not. The standardized format removes the possible leading 0x from the value. For the Fusion modules, correct the SID/NID value acquisition. The wrong AT command was being used to obtain those values and therefore incorrect values were being reported. The correct AT command also provides the base station ID and latitude/longitude values, so those have been added to the "display mobile" output as possibly useful information. For the Fusion Wireless FW2763p cell module, display only the (1xRTT) signal strength in the "display mobile" output. The EVDO value was being reported, although the 2763 doesn't support EVDO, only 1xRTT. The FW2770 module does support both 1xRTT and EVDO and will (still) report both RSSI values. Implement changes for possible programming issues that were identified by a static code analysis tool. The identified issues were reviewed and triaged, with changes resulting in many cases. Issues addressed include possible memory leak elimination, removal of unneeded code, improved error detection and handling, data initialization and buffer overflow prevention. While none of the changes are directly linked to issues reported by customers, the changes do improve overall firmware quality. Add event logging and a CLI command to report status of Custom Factory Defaults (CFD). If custom defaults are applied, or if some error occurs while trying to process them at start-up time, a "system" event log record is created. A hidden "cfd" CLI command will display the status of CFD processing. This is added to "display techsupport" as well. This is provided as an aid for troubleshooting. For the "flashdrv" CLI command, report the mount point as "A/" rather than "A:/". The colon form was previously eliminated from other places in the firmware, and this instance apparently was missed at that time. Support the "2g_only" and "3g_only" choices for the "band" option of the CLI "set mobile" command, for cell modules that support 2G and 3G service and also support individual band selection. These are convenient selections for frequency group selection. Add event logging and trace for two internal APIs that can disconnect the iDigi connection, via SMS and Python. Helpful for troubleshooting. Optimize the internal na_pton() API to immediately fail look-ups when an empty string (IP address or domain name) is passed to that API. This improves performance in application code such that the eventual failure is more immediate XBee changes: - Add command to reset radio to factory default settings to Factory Default Settings web page, XBee Device Operations web page, xbee CLI command, and RCI . (41893) - Change max value for JN parameter to 1. (42084) - Expose D6 parameter on ZB gateway radio to enable RTS flow control. - Allow manually scheduled OTA firmware updates even if OTA update setting is disabled. - Add "xbee restart" CLI command to restart gateway radio. - Remove "xbee reset" test command. - Add ability to include XBee gateway radio settings in the configuration backup file. - Add option to Backup/Restore web page and CLI backup command. - Change RciProcessor and QueryCommands to generate backup directly, rather than changing query_setting to set_setting afterwards. - Add support for DigiMesh 865/868LP radio, including OTA firmware updates. - Add OTA update progress messages, improve error messages. - Check for a valid gateway firmware file before starting update. - Fix threading bug that returned an empty node list when another thread cleared the node list, causing a Python exception. - Indicate "unknown" instead of "end device" if node type is not known. - OTA firmware update improvements (customer-requested: - Invalidate network address on all transmit errors. - Improve command timeout handling. - Give preference to local radio as updater. - Test updater with smaller payload to allow room for encryption and and source routes. Improve the Python xbee module: - Add source_route member to nodes returned by get_node_list(). - Add option to clear node list to get_node_list(). Eliminate unneeded code and data to reduce runtime memory use. BUG FIXES: Fix a bug in the VPN support in which an empty (NULL) IPSEC hash table was incorrectly used, resulting in subsequent VPN and device problems. The empty table is valid and is now properly handled. (40548, 41522, 41900) Fix a problem in the VPN feature. (43534) If two units were set up to create a VPN tunnel between them, with one unit operating as the server and the other a client, the server would not accept a new connection from the client if the client was rebooted. The old VPN connection in the server side (from before the client rebooted) prevented the client from reconnecting. Two problems were identified and addressed: - The old IKE policy was not being deleted before trying to add the policy for the new connection - The API code to add the policy was not properly cleaning up when it failed to add the new policy because the old one, with the same priority level, was already there. In fact, the API code corrupted the linked list of IKE policies. Fix a problem in which DSA security does not work with the Digi SSL implementation. (42451) Fix a bug in which autoconnect was failing to attempt a sslauth connection. (42575) Fix a problem that reports the wrong SIM PIN Status in products using the Gobi 3000 or 2000 module. An incorrect status check was at fault, where failure was falsely assumed and the wrong status was returned. In conjunction, improve event logging for SIM PIN activity. (37810, 43943) Fix a bug that fails to count mobile call originations when the cell module operates in NDIS mode (PPP mode is OK). The missing origination counter increment has two known consequences: - The SureLink "reboot the device" setting may not be observed correctly, and the device rboot will not occur as requested. - The Verizon call origination/backoff algorithm most likely is not properly followed, which is a Verizon certification issue. NDIS is the default mode of operation for these cell modules: - Gobi 2000 and 3000 - Ericsson 3507, 3307 and 3607 (but not 5521 and 5321) - Option GTM382 (and GTM378) The Verizon call origination issue applies only to the Gobi modules. Fix an issue identified by static code analysis in which a SureLink FQDN inconsistently allowed either 63 or 64 characters. The intended maximum of 63 characters is now universally enforced. A value of 64 characters could have resulted in data corruption. Fix a problem with serial PPP that results in a failed LCP negotiation on the next (immediate) connection attempt following a PPP session disconnect. The change has no effect on cellular PPP connections. (44060) Fix a problem that could cause the iDigi Short Message Service (SMS) feature to attempt to send short messages on devices whose cell modems are not supported by the Digi firmware for SMS capabilities. Although the short messages are never sent, a looping condition can occur in which the firmware continuously attempts to send the failed message. The failed message resend loop could also occur for devices whose cell modems do have SMS support in the firmware. (1339982) Fix a data abort exception in the Python digicli module that can occur due to an allocated buffer overflow for CLI output lines that exceed 256 characters. Although such long lines aren't likely, the crash could result from any CLI output with long lines. The fix limits the output strings to 2048 bytes at most, breaking them into segments if necessary, and it precludes the overflow condition. No CLI output is lost as a consequence of this change. Fix a problem in which configuration backup/restore with keys/password option selected, does not include some keys. In particular, the SSH and SSL private keys were absent but are now included in the backup RCI as encrypted values, only if the user requests them as such. This uses the same method as for passwords and other keys. (44048) Fix a problem in which the CLI "certmgmt" command quietly creates empty files when saving private keys (SSH, SSL, VPN). Per security requirements, disallow saving private keys via "certmgmt" and provide an explicit error message to the user. Detect empty certificates and invalid index (range) values and provide an appropriate error message for such cases. (44048) Fix a problem in which the MEI settings were improperly handled for the "wires" field. Specifically, "two" was mapped to 4, and "four" was mapped to 2. This results in confusion when using iDigi to configure this value and when creating RCI to select the value.The CLI and web UI have always worked correctly. The fix deprecates the "wires" field but continues to support it for backup restores and custom factory defaults as a matter of backward compatibility. A new field "numwires" is introduced that correctly handles the number of wires ("two" means 2 and "four" means 4) in the RCI and iDigi support. (44073) Fix the web server to reset form items for multipart/form-data. (41637) XBee fixes: - Fix lock up after "xbee factory_default" command. (43950) - Ignore unsupported settings when restoring from backup. (44040) 82001536_K2 (2.14.1.15) - March 7, 2012 ENHANCEMENTS: Add iDigi SMS Opt-In feature. With the iDigi Opt-in support enabled, the iDigi Technical Support team is afforded visibility and access to your device to diagnose and resolve issues, should you require assistance. NOTE: The Opt-in process involves sending a single SMS message containing the device's mobile phone number and iDigi Device ID to the iDigi servers. iDigi change: Send message with succes status and zero-length response when Python data service callback function returns no value. (41422) BUG FIXES: None. 82001536_K1 (2.14.1.10) - January 25, 2012 ENHANCEMENTS: For the Ericsson cellular modules: - Add SIM presence detection for the F5521 module, which previously reported N/A in the mobile status. - Add HSPA to the list of possible reported 3G service types. - Decrease by about 10 seconds the time to initial first mobile service availability following a cold boot of the Digi device. - Improve the driver's handling of a module reset with retries of the post-reset enable of the modem radio, which is always turned off by the module when it is reset. - Enable an existing SIM PIN check retry algorithm. For the Fusion cellular modules: - Add support for a client-initiated PRL update request. - Improve general OMA session support per certification requirements. - Improve network-initiated (NI) request support for PRL update and FUMO. - Improve client-initiated (CI) request support for PRL update and FUMO. - Add event logging, connection manager and trace support for OMA session status for improved troubleshooting. - Improve OMA "success" messages per Sprint certification request. - Prevent PPP from starting a new data connection while an OMA request (NI or CI) is in progress, particularly FUMO. - Prevent a new OMA request from being submitted when one is in progress. For the Gobi cellular modules: - Initiate a PRL update after provisioning the Gobi cellular modems, as requested by Sprint. - Improve monitoring of the PRL update session. Add "TELUS Mobility HSPA" to the supported list of explicitly identified service providers. Add a VPN feature to work around some issues associated with keeping a VPN connection active between a Digi Connect device and a Cisco router. This feature allows the customer to configure the VPN software (in the Digi device) to automatically send ICMP pings through the VPN tunnels to prevent IPSEC from timing out due to lack of traffic. The customer is able to set the frequency of the pings being sent. Add VPN-related commands to "disp techsupport": show vpn phase1 verbose=on show vpn tunnel verbose=on vpn status iDigi changes: - Always indicate that device data service is available, even if no targets are registered yet. (40837) XBee/mesh changes: - Add RCI to allow commands directly specified to be executed on the Zigbee module. - Add hidden CLI command for testing and certification situations where "set xbee reset=on" will hold the XBee module in reset for testing. - Add SN parameter for DigiMesh and Smart Energy. - Don't enable RTS flow control (set D6=1) on ZB radio to avoid dropping data in the XBee module when fragmentation is enabled. This is because RTS and fragmentation aren't supported at the same time. (41307) - Improve handling of node discovery results for CLI and Python. - Update radio parameter tables. BUG FIXES: For the Gobi cellular modules, improve error/timeout detection for SMS requests. Perform module recovery after several consecutive timeouts. (41450) Fix problems in the RCI handling for the and settings. The problems were exposed in the iDigi device configuration interface for these settings. Issues addressed are: - Add missing elements in settings. - Remove excess/incorrect elements in settings. - Correct the value range identification for some elements, specifically those related to group association. Improve the element description strings displayed by iDigi. (41545) Add the missing "mobile_cfg_chng" keyword to the "mode" option choices in the help text for the CLI command "set alarm". Fix a bug in which the help text for the "show ia" CLI command contains "garbage" characters. (41619) WiMAX changes (backup/restore): (41403) - Fix a bug in updating and reloading WiMAX parameters (settings) under certain conditions. - Correct handling of the field in the WiMAX settings. XBee/mesh changes: - Fix over-the-air firmware updates of the XBee S2C radio. (40587) - Fix timeout errors on local commands that follow node discovery on DigiMesh sleeping networks. (40622, 40701) - Add a missing permissions check for the "xbee" command. - Fix a crash that occurs when passing a long hex string to getaddrinfo() or xbsGetAddr(). (41692) - Fix parsing of a 16-bit cluster ID. Only 8-bit worked correctly. 82001536_K (2.14.1.6) - October 14, 2011 ENHANCEMENTS: Add support for the Gobi 3000 cellular modem: - Appears as Huawei EM680. - Service provider firmware must be pre-loaded on modem. - Supports Short Message Service (SMS). Add support for Gobi cellular modems to allow configuration of specific mobile bands, 3G-only or 2G-only for GSM mobile service. Add support for Fusion FW2763p and F2770p cellular modems (for Verizon and Sprint): - Supports Short Message Service (SMS). - Supports FUMO (Sprint Over-the-air Firmware Update). For WiMAX, add a user-selectable authentication type for Sprint DataLink. (38768) The iDigi feature has been improved to support binary data service and file system service between the device and iDigi Server. These services are supported through interfaces available to python applications in the device. See www.idigi.com for more information on iDigi. Change the default for the iDigi client connection method from TCP to SSL as a security improvement. Add event log and trace messages for the "Disconnect" iDigi protocol message, to help with troubleshooting the loss of iDigi connections. Improve the multiple user model's permissions protections to better support limited access users. - Extend permissions for users, groups and permissions to support "self" permissions in addition to the existing none/read-only/read-write permissions choices. - Split apart some of the permissions such that each can be separately selected and configured. - For the CLI "boot" command, improve the permissions checks for the supported options. Specifically, "action=factory" now requires both boot and revert-all permissions. "file=(host):(filename)" now requires both boot and fw-update permissions. - In the web UI, improve page access error messages for user configuration pages. Disallow unauthorized/direct access to user configuration pages that circumvents page links and permissions checks. Add the following notice to the User Configuration web page, with a similar notice in the web help. (38961) Be certain that you know a valid user name and password combination that you previously configured, or the device default values if you have never configured users and passwords. If you do not know a valid combination, you will not be able to log into this device. Improve the web user interface help information regarding username and password values. (38178) The clock (time) source management functionality has been improved to better detect failures to retrieve time sync samples from an NTP server as a time source. Failures or "lost" replies result in quick retries for both the initial sample after boot time as well as for subsequent samples. Additional configurability is supported via the "set timemgmt" CLI command, the web UI and the iDigi platform. Event logging is improved for time-related events. For the clock (time) source management feature, update the web UI and web help to include the configurable jump threshold and "lost time source" detection settings. For the clock (time) source management feature, improve the SNTP client implementation: - Add detection of "expired" NTP replies. o Accept replies only if in response to the most recently issued request for a given NTP time source. Discard other replies. o Replies must not be more than 20 seconds since the request was sent. Old samples can skew the time computation and cause undesired jumps. o Add a statistical counter for "expired" replies ("info time" CLI). - Improve the NTP reply read resolution for the socket, to more quickly process replies. Add a feature to execute a CLI command using RCI via the general request do_command target="cli". This is accessed through iDigi Manager Pro. Improve the parsing of RCI documents to better handle embedded XML comment and declaration values. (37651) Add support for a user-configured Maximum Transmit Unit (MTU) size for the Ethernet interface. The MTU size can be configured using the "mtu" option of the "set network" CLI command, or in the web interface on the Advanced Network Settings page in the Network Configuration area. Improve the SureLink system reset capability: - When the system reset condition triggers, leave a suitable panic record with information that identifies the reason and cause (for the reboot (versus no information whatsoever). - Add a watchdog-like extension that will reboot the device if 256 consecutive failed connection attempts occur. The setting permits a value in the range 1-255. Even if the system reset is disabled, the watchdog will request a device reset after 256 consecutive failed connection attempts, as a means by which to attempt recovery. This spans a period of many hours, so it is not particularly aggressive. Add help text for the "set wimax disable_certs" CLI command. XBee/mesh changes: - Use POSIX file system API so OTA firmware update works on all file system types (including YAFFS). - Update configuration web page help for ZB. - Add support for the S2C (surface mount) radio. Improve the web pages for the Alarms Settings: - For the individual alarm configuration page in the web UI, add a link to the SNMP Settings page in existing page text where the SNMP trap can be enabled for the alarm. If no trap destination is configured, display "(not configured)" as the destination value rather than nothing. - Improve error detection in the alarm edit web page. - Add an optimal RSSI alarm checkbox to web UI. This was available previously using the CLI command "set alarm". (39771, 39833) For cellular RSSI alarms: - Improve processing of RSSI alarms if multiple RSSI alarms are configured in the settings. (39833) - Improve RSSI sample averaging to avoid possible early trigger conditions. - Improve trace output from alarms driver for RSSI sampling and action. To CLI, web UI and RCI, add flash (web) filesystem reporting for total, used and free space in the filesystem. Add these to: - CLI: display device (info device) - Web UI: General System Information page, and help - RCI: DeviceStats class (new elements) (38557) Add "display serial" and "info serial" to "display techsupport" command list. Add the undocumented "full" option to "display dnsserver" in the "display techsupport" command list. This is useful for troubleshooting. Add the Python version number to the RCI query_state/device_info reply. Add support for optional Python control of the STATUS LED of the Digi device. This capability has existed in the past for other Digi products. Improve memory use by the firmware update feature such that somewhat less memory is used during the upgrade. While all upgrade types are improved (web UI, CLI, iDigi), the CLI upgrade method is most improved. (40391) Reduce memory use by various firmware features. BUG FIXES: Fix a problem that could cause the configuration or web filesystems to be erased as the result of an errant migration action to the higher performance YAFFS filesystem from the NAFS filesystem. This possibly causes the loss of all configuration settings (including custom factory defaults) and all files or scripts stored in the web filesystem. (38689) Fix a problem in which the Digi device disconnects momentarily from the iDigi Manager server when the iDigi Manager Pro user opens Device's Properties Page. The problem occurs when the device uses the SSL connection type when connecting to the iDigi Manager server. It may occur over any network connection type (LAN or WAN) but is more likely to be observed over a WAN cellular connection. (39837) XBee/mesh changes: - Ignore flag bits added for DigiMesh in DDO command status byte. - Allow extra time for DigiMesh node discovery. This fix is needed by 868 MHz firmware 1x61 and 2.4 GHz firmware 8x62. - Fix a bug that blocked all transmissions while waiting for a DDO command issued to an unresponsive node. - Update radio command processing limits for SE and S2C. (38712) - Add SP radio parameter for DigiMesh gateway radio to web UI, CLI, and RCI. (38766) - Fix a bug handling join notification status frame that created incorrect node list entries. - Return None instead of garbage from xbee.ddo_command() when the timeout parameter is 0. This means don't wait for the result. (39245) - Throw an exception from xbee.ddo_get_param() when the timeout parameter is 0 after rounding to milliseconds. (39338) - Reserve extra space in the transmit queue and use a different node address to prevent data messages from blocking the send of local commands to the radio. (39370) User logins using the web UI: - Correct the login pages for the multiple user model to support username and password values of 1 to 16 characters. These pages support both "normal" user sessions as well as customization user sessions. The web page scripting and controls supported usernames of 3-15 characters and passwords of up to 15 characters, which don't handle the permissible lengths for the multiple user model username (3-16) and password (4-16), plus customization username (1-16) and password (1-15). - Add a note to the Change Password page for the customization user to indicate that the username and/or password change applies only to the customization user and not to the administrative (or other) user. Update the customization tutorial text to state that the customization username may be 1-16 characters long, and the associated password may be 1-15 characters long. For the clock (time) source management feature: - Fix a bug in which some malformed SNTP responses were counted under the "Receive Timeout" category in addition to "Malformed Responses" in cases for which only the latter category should be incremented. These values are reported by the "info time" CLI command. - Fix a bug in which the RCI descriptor for the settings suggested a minimum ranking value of 0, but it should be 1. The bug resulted in an error being returned to the user when configuring a time source via iDigi, if ranking value 0 was entered by the user. - Fix a bug that possibly allowed packets to accumulate on the socket for an internally disabled NTP source (lesser ranking). Such packets were never being read nor discarded, thereby unnecessarily consuming system memory. Fix a problem that occurs when using the UDP Serial Tunnel feature: the tunnel fails when the IP address changes at either end. This is particularly observed with a cellular network connection, with dynamic public IP addresses, but can occur in other cases as well. In the cellular case, the cellular connection may be dropped by the service provider if no activity has occurred for a provider-determined interval of time. Two two problems are identified and resolved in the UDP Serial feature, both related to failed name resolution of the remote side host when the device first boots or there is serial data to send. (39729) Fix a possible memory leak in the Host List feature. (32850) Fix possible display, validation, get and set problems for some Short Message Service (SMS) settings in the web UI (built-in commands and SCL entries), on products that support multiple SIMs for GSM service. Since SMS settings are global vs. SIM-specific, add a note to the web page and associated help to that effect. (38560) Fix a bug in the displayed "Use%" value for the "flashdrv" CLI command. The computation was incorrect. Also added (back) the Use% value display in tenths of a percentage (lost when support was added for units with greater than 4GB capacity). Fix a bug in which the localtime() API didn't correctly adjust time by the specified timezone offset. (36959) Fix a bug in which the user-configured UTC offset is applied twice, as reported to the iDigi Manager server. (39931) Fix a problem that could occur if the real-time clock (RTC) is set to a date earlier than January 1, 2009. A date as early as year 2000 is accepted by the firmware (via CLI or web UI), and the RTC could be set with that value. But a subsequent read of the RTC with a year earlier than 2009, could cause that sample to be discarded. (40215) Fix this reported bug: Python TFTP Remote Start Fails with \r\n line endings. Uninitialized "garbage" at the end of the result buffer could cause odd error messages. A previous change for issue 26971 (in 2008) strips carriage returns from the received file. That change had a bug in which it did terminate the remaining text correctly, leaving garbage at the end of the result buffer. This commit corrects that bug. (40307) Fix a bug in which Python digicli.digicli.__doc__ returns a confusing response. (40421) Fix an SNMP issue that could cause an SNMP denial of service. (39737) Fix a bug in which the "set_factory_default" RCI request incorrectly states in its RCI descriptor text that a device reboot will be performed after the "factory" action has been completed. No reboot is performed. Fix a panic that could occur while accessing some System Information pages in the web UI. (38729) Fix an issue that occurs in IP pass-through mode, such that tethered DHCP client may not renew its lease. In IP pass-through mode, the Digi DHCP server uses a 4 minute lease time, which forces the tethered pass-through client to renew its lease every 2 minutes. This design accommodates the possibility that the mobile IP address loaned to the tethered host, may change if the mobile connection goes down and is reestablished. However, if the tethered client actually requests a specific lease interval, that 4 minute design was circumvented. The DHCP server has been modified to handle this case and provide the usual 4 minute lease. (40022) Fix a VPN problem that could cause a panic resulting from corruption of a linked list upon the (timed) expiration of an IPSEC SA. (38322) Fix a VPN problem related to this change in an earlier firmware release: When a VPN tunnel is configured to start automatically, the VPN feature starts the tunnel by sending a ping to the remote subnet. This was not working correctly when "tunnel all" was selected since the remote subnet is 0.0.0.0, which is not a valid IP address. This problem has been fixed. (37275) 82001536_J1 (2.13.0.12) - May 11, 2011 ENHANCEMENTS: Add support for the 16MB RAM versions of the ConnectPort X4. This support was removed in the 82001536_J firmware revision, but it has been restored with the 82001536_J1 revision. Add event log and trace messages for the "Disconnect" iDigi protocol message, to help with troubleshooting the loss of iDigi connections. Add the "show idigi_msgservice" command to the "display techsupport" command list (38095) Add support to apply the user-configured Maximum Transmit Unit (MTU) size in the Mobile PPP settings, for mobile connections that use NDIS mode as the interface to the cellular module. Previously, this was applied only when using a PPP interface to the cellular module. Improve the web user interface help information regarding username and password values. (38178) BUG FIXES: Fix a problem that caused the Python built-in time.clock() call to return a value that "rolls over" after approximately 49.7 days of operation after a boot of the Digi device. This occurred due to an internal clock counter rollover. It could cause Python application program to assume that the clock (and time) had gone backwards, resulting in unpredictable behavior of the application. (37986) Improve a manufacturing test that could fail for the XBee 868 MHz radio. Ignore flag bits added for DigiMesh in DDO command status byte. Allow extra time for DigiMesh node discovery. This fix is needed by 868 MHz firmware 1x61 and 2.4 GHz firmware 8x62. 82001536_J (2.13.0.7) - March 21, 2011 DISCONTINUATION OF FIRMWARE UPDATE SUPPORT FOR SOME PRODUCTS Firmware update support is discontinued for the 16MB RAM versions of the ConnectPort X4 product. New firmware releases will no longer load successfully on these smaller memory units. This restriction is imposed because the new firmware has increased in size and, for a ConnectPort X4 unit with 16MB of RAM, there is insufficient memory to support firmware updates. ENHANCEMENTS: Add support for an enhanced filesystem, YAFFS, and migration to YAFFS from the existing NAFS filesystem type. Refer to the HIGHLIGHTED PRODUCT CHANGES section for further information. Add support for an enhanced multiple user model. Migrate existing user settings to the new model. Refer to the HIGHLIGHTED PRODUCT CHANGES section for further information. (31007, 34089) Improve support for management of clock (time) sources. Refer to the HIGHLIGHTED PRODUCT CHANGES section for further information. Add support for the iDigi SMS feature. Refer to the HIGHLIGHTED PRODUCT CHANGES section for further information. Add support for the Ericsson F5521gw GSM cellular module. Add support for the Huawei EM660 CDMA cellular module. Improve support for Option GTM378 GSM cellular module. When restoring a device to factory defaults, revert the DHCP Server settings only if the network settings are being reverted. (33078) When restoring a device to factory defaults, revert the certificates and keys only if the ALL settings are being reverted. (36710) Improve the error messages that are reported due to ping CLI failures, such as when there is no route to the destination IP address, to be more specific to the underlying problem. (36872) Add the TCP "timewait" option to the "set network" command. This option specifies the desired system-wide value in seconds for the TCP TIME_WAIT interval. The default value is 60 seconds, and the supported range is from 10 to 240 seconds inclusive. Also added to the RCI settings. Add a note to the "set network" help, and to the "set network" output if a TCP option is changed, to clarify that the change is not applied to existing TCP connections, nor to service listeners until the listeners are restarted or a reboot occurs. Add similar notes to "revert network" help and "revert network" output if the global settings are reverted. For the "display logging" CLI, add the ability to display the event log and continue to check for and display new log messages as they are written to the log. The help text for this command is updated to describe how to request and terminate the continuous log "tailing". Add SMS support for Qualcomm Gobi cellular module. Both GSM and CDMA modes are supported. For CLI commands submitted via the SMS #cli request, in products supporting the multiple user model, ensure permissions are enforced as those of the root user. If a special user named "smscli" is created, the permissions for #cli will be restricted to those configured for user "smscli". This special username cannot be selected by the user. Improve on a condition in which SMS messages, send by Digi devices, might be truncated or corrupted when passing from CDMA networks through GSM gateways. The issue may occur due to differences in the CDMA and GSM standards for short message content encodings. For received SMS message handling, the '#' character is taken to indicate a command upon which the Digi device should act. During global testing, it has been observed that this character may be modified (e.g., replaced with a space) when short messages pass through some SMS gateways. This is problematic for the #command interface to the devices via SMS. To help accommodate possible character translation problems such as this, the SMS settings are updated to permit a user selection of the command character. This character still defaults to '#' but may be any one of: # ! % * + / Add iDigi Timed Connection support to web UI and web help. This connection type has long been exposed via CLI and RCI. Enable "file hashing" via RCI to help with file version verification. This extends the file system "ls" command in RCI to request that a hash value be returned for files in the listing. The supported hash methods are "none" (the default) and "crc32". Improve the error recovery algorithm for failed RCI requests received via iDigi. The updated algorithm reduces network activity by eliminating redundant error reports. Improve trace output for troubleshooting. (37637) The Python ONEXIT condition has been added to the Web UI. (37541) XBee changes: - Add join notification, BR and TC commands for SE 3x28 firmware. - Allow DDO commands to broadcast address from CLI. - Fix bug setting extended timeout option on DDO commands. For the IA feature, add support for fixed addresses when routing Modbus via XBee. (37200) BUG FIXES: Fix a bug that may result in a memory leak when a fully qualified domain name (FQDN) is configured for a SNTP Server as a time source in the Date and Time Settings. (37807) Address SSH public key authentication issues. (37339) - Fix a bug in which configuration settings support for SSH public key authentication was inconsistently implemented in the Digi firmware, depending on the product and user interface being used. - Ensure that user authentication is in accordance with RFC 4252. - Eliminate memory leak when configuring a public key via tftp. - Improve SSH trace output for troubleshooting purposes. Fix a bug in which an SSH user other than the root user, might acquire root user permissions for CLI commands. (37483) Fix a VPN issue in which NAT-T keep-alive packets were not being sent if PFS security was selected. (34186, 36751) When a VPN tunnel is configured to start automatically, the VPN feature starts the tunnel by sending a ping to the remote subnet. This was not working correctly when "tunnel all" was selected since the remote subnet is 0.0.0.0, which is not a valid IP address. This problem has been fixed. (37275) Fix a bug in which changing the IP address from dynamic to static via the web UI redirects to a URL mix of old/new IP addresses. Also correct a failure to redirect if the service port for HTTP or HTTPS is other than the usual values 80 or 443, respectively. (33205) Fix a problem in which Classless Inter-Domain Routing (CIDR) fails to route correctly under certain narrow instances (such as routing between hosts with IP addresses 25.0.0.50 and 24.0.0.50, with a subnet mask of 248.0.0.0). (37043) Fix a busy loop problem when all PPP dial numbers are empty. (36829) Correct a bug for the Ericsson modules in which GPS support might not be properly configured (enabled/disabled) in the cell module, if the module is being used in PPP mode (not a problem in NDIS mode). Fix a Python socket read failure that could occur if a timeout is set on an SSL socket. Fix an inconsistency and bug in which the Python command string was not properly managed with its maximum length value of 127 characters. Fix a bug that caused XBee early request timeout and retries resulting from a race condition. (37735) Fix IA route issues in the RCI settings processing. (36812) - IA Route settings support a "scatter string" for the protocol address, but RCI allowed only minimum and maximum. - IA Route settings support Xbee MAC with end-point in the IP address field, but RCI allowed only an IP address. - Change the supported serial port minimum value in the RCI descriptor from 1 to 0, allowing zero to be set when route isn't serial. - Correct a typographical error: change "Pprotocol" to "Protocol" in the RCI descriptor. Eliminate several potential memory leaks. (34946) 82001536_H2 (2.12.0.7) - November 27, 2010 ENHANCEMENTS: Enhance WiMAX support for continuing development and to incorporate improvements requested during product certification with WiMAX service providers. Modify the DHCP server feature so it doesn't include its IP address as a DNS Proxy in the lease information it sends to its clients, if DNS Proxy service is not enabled in the configuration settings. Change the default state setting for the DNS Proxy feature to "enabled" (on) rather than disabled/off. This restores the default as it existed in earlier product revisions. In conjunction with the Network Port Scan Cloaking feature, this DNS Proxy "out-of-the-box" default of enabled is safe to protect against denial of service (DOS) attacks on DNS servers that have been reported worldwide. Note that the cloaking feature is enabled by default for the WAN interfaces (mobile0, wmx0) but not for LAN interfaces (e.g., eth0). Add support for manual selection of WCDMA 900 MHz frequency (3G) for cellular modules that support the specific selection and use of that band (the Sierra Wireless MC8790 family in particular). Improve support for Ericsson F3307 cell module. There are two forms: North American frequencies and European frequencies. Each form has a unique USB product ID. In previous firmware revisions, only the European frequency model was properly supported. Improve the SureLink settings page and web help to further describe the Hardware Reset Thresholds category of settings. Improve the user interfaces for configuring static routes in the network stack. For a WAN interface, always use the interface gateway IP address. For a LAN interface, use the associated interface gateway IP if the static route rule is configured with a gateway address of 0.0.0.0. If the static route gateway IP is other than 0.0.0.0 for a LAN interface, use that configured value. This properly and implicitly accommodates WAN interface static routes and allows the user to select use of the LAN interface gateway or a configured value for LAN interface static routes. The web UI help is updated to describe this enhancement. BUG FIXES: Fix a long-standing settings class RCI bug that affects settings restore, custom defaults and iDigi configuration of the failover feature. The TCP test destination port was not being correctly set, which left in place the previous value that was defaulted or set via CLI or web UI. (36372) Fix a bug that prevented a static route from being configured for the mobile (cellular) interface, if the mobile interface is using NDIS mode. PPP mode only worked before this fix. Now both work correctly. Fix a VPN problem in which a successful VPN connection could not be established due to the configured subnetting scheme in relation to the mobile network's remote endpoint IP address. Specifically, the remote mobile endpoint was on the same subnet as the remote VPN subnet. This resulted in a packet routing problem that has been resolved. (36588) Fix a problem for Ericsson cellular modules using the NDIS interface for the mobile connection. The cell module could not successfully establish a mobile data connection, due to a bug in Digi's NDIS support in which the "set authentication" AT command was being truncated and as a result did not request the service provider-required authentication for username and password. The problem was exposed in 2.10.0 and later firmware revisions. (36752) Display the correct range for the SC setting in the web UI for XBee PRO 802.15.4 radios. (35660) 82001536_H1 (2.12.0.6) - October 15, 2010 ENHANCEMENTS: Improve the network stack to address the issue described in US-CERT Vulnerability Note VU#498440: Multiple TCP/IP implementations may use statistically predictable initial sequence numbers. The note can be viewed at: http://www.kb.cert.org/vuls/id/498440. (36183) Expand the description of iDigi keep-alives in the web help information. BUG FIXES: Fix a problem in which Ethernet driver might lose synchronization between its interrupt handler and its packet receive processing thread. This could cause received packets to be held in the driver's receive buffer ring and not passed to the network stack in a timely manner. Under such a condition, network communication might appear to be broken for network protocols and applications. (35638) Fix a bug in which the file system component was incorrectly accounting for open directories in the system. Due to this bug, it was possible that the open would fail regardless of actual resource availability. (31645) Fix the CLI command "flashdrv" to recognize more than 4 GB. (35390) Fix bugs in "set vrrp" option validation in the CLI: - Verify VRID is 1-255 (not 254). - Verify priority is 1-254 (not 255). This matches similar validation in the web UI and configuration restore. Add missing ZigBee route type to the IA route settings RCI. (36233) 82001536_H (2.12.0.5) - October 1, 2010 ENHANCEMENTS: Add support for IEEE 802.16e, known as WiMAX (Worldwide Interoperability for Microwave Access). Support is for the GCT / Quanta Microsystems WM553 module. This introduces a new network interface (wmx0) that is available for use by many of the Digi device's features. Select the primary SIM by default on the mobile configuration web pages. (35035) For GPS support by the cell module, for Verizon service, add support for varying minimum intervals between fixes depending upon the user-selected position determination method: MSS - Standalone (no network assistance) 1 second MSB - Mobile-based (network assisted) 30 seconds MSA - Mobile-assisted (network calculated) 1800 seconds This support is for compliance with Verizon certification requirements. Enhance the Dynamic DNS update feature to permit the selection of any device network interface. Previously this feature was coupled with the cellular mobile interface and did not support a selection of the network interface for which the associated IP address is registered with the DDNS service. (35346) Add a Network Port Scan Cloaking feature that permits users to prevent replies to various received packets for which there is no local service. On a global or per-network-interface basis, one can disable ping replies, TCP reset replies for received connection requests to unused ports, and ICMP destination/port unreachable replies to received UDP datagrams destined for unused ports. This capability "cloaks" a device from being probed on such unused ports, and it reduces packet traffic by eliminating replies that may be billable to service accounts (e.g., cellular service). This feature is exposed in the CLI as the "scancloak" option, and it is supported in the web UI on the Advanced Network Settings page under the Network Configuration section. By default, this feature is disabled. Support cloaking for the DNS Proxy feature on a per-interface basis, so the proxy can be enabled for some interfaces yet disabled for others. Change the default state setting for the DNS Proxy feature to "disabled" (off) rather than enabled/on. The purpose for this change is to modify the "out-of-the-box" default to one that is safer from denial of service (DOS) attack on DNS servers. BUG FIXES: Add reporting of LAC and CID on the Gobi cellular modem. Available only in NDIS mode with GSM service providers. (34678, 35187) Fix a possible panic when using IPSEC with NAT-T. The problem could occur when multiple NAT-T vendor ID payloads are loaded into an IKE message (packet), resulting in a buffer overflow. (35594) Fix a problem in which the iDigi discovery tool uses the Wi-Fi interface MAC address as the iDigi device ID. The required iDigi device ID is based on the Ethernet MAC address. The problem affects only products that have a WiFi network card as a second LAN interface, when that interface is used for iDigi discovery. (35697) Fix a problem for the Industrial Automation (IA) feature in which the full settings were not properly restored from a backup file. (35891) Fix a possible panic that occurs while configuring the primary network interface (Ethernet) and saving the changes to NVRAM. (35715) For mesh networking configuration, display the correct range for the SC setting in the web UI for XBee PRO and S2B radios. (35660) Fix a bug in a previous fix to gettimeofday() that causes incorrect display and behavior in "set time" and the Date and Time web page. (35957) Fix a bug in uudecodeToFile() that causes RCI file transfers to fail when there is white space after the file data. (36147) 82001536_G1 (2.10.0.10) - August 24, 2010 ENHANCEMENTS: Add mobile service provider and Gobi support for these GSM providers: - Vodafone - T-Mobile (Europe) - Telefonica - Telcom Italia - Orange - DoCoMo Add iDigi connection status items for send and receive idle times. Add an optional interface name list to "display pppstats" so individual specific interfaces can be displayed. The absence of interface name parameters causes all valid PPP interfaces to be displayed. BUG FIXES: Fix an IA modbus problem in which a buffer was being freed twice when a message send failed because the network connection was down. This could result in a panic reboot. (32914, 34800) Throw an exception instead of returning None from the Python xbee.get_node_list() function when the node list is empty or an error occurs. (35111) The value returned by the Python time.time() function is no longer modified by the offset option of "set time". The function gettimeofday() was returning UTC biased by "offset". (34994) A few of the Python modules would block all Python activity during certain lengthy operations unnecessarily. Components that have been examined and addressed include the digicli module; the power control module; and the battery voltage sense, accelerometer, GPS summary and ignition sense portions of the digihw module. Not all modules or functions are available in all products, dependent on the available hardware components. (35505) Add a runtime check for CELLULAR in "display pppstats" command, to avoid trying to display possibly nonexistent mobile PPP status/statistics. This affects products such as the ConnectPort X4 that use a single firmware with cellular support, but which may be manufactured without cellular. Fix a panic problem that occurred running RealPort through a VPN tunnel. (35412, 33130) 82001536_G (2.10.0.7) - July 20, 2010 ENHANCEMENTS: Mesh / Zigbee / XBee networking: - Web UI improvements: - Add sorting and paging of node list. - Remove node list from System Info/XBee page. - Move device status page to Configuration/XBee page. - Bring back simple gateway firmware update page for ZB. - RCI discover command additions: - Add option to get current node list without discovery - Add option to return information for a single node - Return time since last contact with each node - Return firmware update status for each ZB node - Add "info xbee" CLI command to display XBS and XBee statistics. - Return an error if the application uses network addressing on ZigBee (extended addressing is required). - Add support for XBee S2B (cost reduced PRO) radio. - Enable RTS flow control to radio. - Update radio parameters. - Set apply changes option on WR command instead of using AC command when saving radio settings. (32848) - Allow LT parameter value of 0. (32847) - Add XBS_TX_STATUS_KEY_NOT_AUTHORIZED constant to driver and Python. (32682) - Limit the number of queued commands. (32568) - Add RCI get_lqi command to get neighbor tables and link quality. (32509) - Add XBee driver statistics. (32508) - Add sorting of node list by clicking on column header in web UI. (24220) - Fix problems on ConnectPort X4 with 868/900 MHz radios and RTS. (33017) - Set NJ parameter range on SE radios to 0-254. (31477) - Hide SN parameter on ZNet 2.5 gateway radio to prevent a firmware update error. SN is still shown for ZB radio. - Add device type string for LTS gateway. - Enable DTR on the X4 XBee serial port. - Add a Python xbee.reset() method to reset XBee radio. This is for use by applications that communicate directly with the radio module. Add Ethernet MDIX configuration capability. Enhance the Wi-Fi support. - Enable TX power calibration on platforms with Piper+AL7230. - Add A band support to w9p and heavy platforms. - Add "band" configuration on the Wi-Fi LAN Settings web page. Specify the band in which this device is being used. By selecting a band, the channel settings will be restricted to the legal set for that band. - Add "802.11d" configuration on the Wi-Fi LAN Settings web page. 802.11d Multi Domain Capability enables the device operation in additional regulatory domains (countries) with allowed channel set and tx power. - Add "802.11h" configuration on the Wi-Fi LAN Settings web page. 802.11h Spectrum Management provides dynamic channel selection (DCS) and transmit power control (TPC) for devices operating in the 5GHz band (802.11a). - Add "EAP-FAST" network authentication configuration on the Wi-Fi Security Settings web page. EAP-Flexible Authentication via Secure Tunneling is now supported in WPA. - Add the CLI command "revert wlan" and hide the "revert wireless" command (retained for backward compatibility). The option "wlan" is used for the commands set, show, display and info, so the use of "wireless" for revert was inconsistent. (34675) Add support for Qualcomm Gobi 2000 cellular network module (GSM and CDMA). Add limited support for the Sierra Wireless MC8700 cellular (GSM) modem. SMS is supported for this modem. Add limited support for Huawei EM770W and EM770U cellular (GSM) modems. SMS is supported for this modem. Add "Bell Mobility HSPA" to the list of supported mobile carriers in the Mobile Settings web UI. Provides optional PAP/CHAP support. (33916) Update the SSL/TLS implementation with enhancements and bug fixes. Enhance filesystem support: - Add POSIX APIs. - Enhance Python interfaces. - Extend the "ls" command for file systems in RCI to request a hash value be returned for files in the listing. At present, the only hash methods supported are "none" (the default) and "crc32". - Extend all RCI implementations in NDS to supporting requesting a specific file rather than just a directory in a "ls" command request. The "dir" attribute of the "ls" command has been deprecated as a result, with the more applicable synonym "path" now taking its place as the standard attribute tag to use to choose what should be listed. Enhance the DHCP server feature to support user configurable selection of the default gateway (DHCP Option 3: Routers on Subnet) in leases given to clients. The default selection matches what was implicitly offered in all previous firmware releases with DHCP server support. Enhance PPP support: - Add PPP server for standard serial ports. - Add PPP server port profile to web UI. - Display statistics for all PPP instances on CLI "display pppstats". - Rename CLI set/show/revert "pppoutbound" commands to "ppp". - Encrypt PPP passwords in RCI and backup files. Add a new info command to the CLI, "info time". This command displays SNTP Client statistics when SNTP is configured as a time source. Enable TCP keep-alives by default for these services: ssh, telnet. This provides default cleanup of orphaned sessions. Clarify description: the serial statistics page displays the current port settings. (32689) The Connectware Manager (also referred to as Remote Management) has been rebranded in the Digi device firmware as "iDigi". This corresponds with the service being offered by Digi for this purpose. A number of enhancements are added for the iDigi client in the Digi device firmware: - iDigi activity is recorded in the Event Log. - An iDigi client entry appears in the "Connections" list when: - The client is connected to the iDigi server. - The client is trying to connect to the iDigi server. - The client is waiting (listening) for the iDigi server to connect to it. - The client is waiting for a configured interval before initiating a (new) connection to the iDigi server. The connections list may be displayed in the CLI ("who") and in the web UI (Management > Connections). - When the iDigi client is waiting to (re)connect to the server, the connection table entry may be "killed" in which case the wait is canceled and the connection attempt proceeds immediately. - When the iDigi client is connecting to the server, the connection table entry may be "killed" in which case the connection attempt is abandoned. The "connecting" state is typically very brief. If for some reason the Digi device gets "stuck" in the "connecting" state, the kill request will terminate the condition. This is not an expected condition. - Add the CLI command "display idigi" report iDigi connection status of the Digi device. - Add the iDigi status web page under Administration > System Information to report iDigi connection status of the Digi device. - Show the iDigi Device Type for the Digi device on the iDigi Configuration page in the web UI. This is the device type by which the Digi device is known to the iDigi server. That value also is displayed via the CLI command "show mgmtglobal" and in the RCI output as (in addition to the existing field). - Send the actual Digi device type to the iDigi server rather than a possibly user-customized product name in config.ini. Customized names are problematic for the iDigi server for device recognition and management. (1291266) - Eliminate unsupported interfaces from the network settings RCI and related CLI (set mgmtnetwork). The web UI was already correct. (34520) - Increase the maximum permitted request and reply document sizes for the iDigi protocol RCI facility. The new size accommodates encoded files of just over 2MB. - Expose the (previously hidden) devicesecurity CLI option from these commands: set, show, revert. This was previously available but hidden to prevent misuse of some of that command's capabilities. The options that could cause problems if misconfigured have been removed, so it is no longer necessary nor appropriate to hide the devicesecurity option. (34535) Improve iDigi information for SMS replies to #idigi commands. - Add the device ID to the returned data if the 'i' flag is specified. E.g., #idigi,i status - Add the "id" command option for #idigi to return the device ID. I.e., #idigi id - Add support to manage the "waiting to connect" state of the iDigi client to the SMS "#idigi" command. The "#idigi waitcancel" command cancels the wait and the connection attempt proceeds immediately. Change "opts" (options) to "flags" in the SMS # usage (help) text. For the iDigi client configuration's connection server list, reduce the number of server entries to 4 from 8. The list of 8 is simply truncated to 4 for this change. An attempt to restore "deprecated" entries results in warnings, not errors, generated by the settings manager. Note that Digi devices are typically configured to use only one of the server list entries, so this change won't affect deployed products. This reduces runtime memory usage, NVRAM use for configuration setting storage and the RCI text generated for backups. (34309) Reduce the number of Alarms to 8, from the previous maximum of 32. For Digi devices being upgraded from an earlier firmware version, only the first 8 alarms will be used by the new firmware. The other 24 alarm entries will be discarded (deprecated). An attempt to restore such deprecated alarm entries results in an "invalid index" warning rather than an error. This reduces runtime memory usage, NVRAM use for configuration setting storage and the RCI text generated for backups. Add DHCP lease information to the output of the CLI command "show network" when the IP configuration for the Digi device is received from a DHCP server. The information shown includes the IP address of the DHCP server, the lease duration, the renew and rebind times, and the time remaining in the current lease. The VRRP feature is now available only on Digi devices that support cellular services (no longer present for non-cellular devices). (32513) Support for LPD, RLOGIN and RSH have been removed from the product. Remove unneeded and deprecated data and code to reduce memory use. BUG FIXES: Mesh / Zigbee / XBee networking: - Fix bug causing commands to time out too early. (32456) - Fix bug in Python xbee module with handling node discovery errors. (32456) - Require the node ID used in xbee CLI commands be a unique exact or partial match to a node in the node list. (32516) - Fix gateway firmware version display bug in web UI. - Fix a problem in which a specific status message from an XBee radio could cause a false firmware update failure. (34471) - Correct inconsistent return codes from CLI commands "set xbee" and "xbee". The bug resulted in problems for the Python interface to the Digi CLI. (34683) Address issues in the Wi-Fi support. - Fix a bug in which the BSSID is not being randomly generated when creating an ad-hoc network. (33819) - Fix a bug in the Wi-Fi driver that caused duplicate packets to be sent. (32292) - Fix a bug in the Wi-Fi driver ad-hoc mode, caused when the unit sends a probe_response and receives an ACK, followed thereafter by the 500 ms timeout. - Fix WPA/Wi-Fi driver issues related to problems in the handling of 4-Way key exchanges, uncovered through UNH Interoperability testing. (24015, 24030, 28561, 28562, 29455, 31391, 31392) - Fix Wi-Fi driver failures for UNH interoperability. (28659, 23903) - Fix a multirate Wi-Fi defect (protection mode) using AES on b/g WLANs, which caused high packet loss. - Fix Wi-Fi driver issues related to Cisco LEAP+WEP. Fix a problem with Ericsson F3507g module in NDIS mode, in which the '@' character in the username or password results in an authentication failure. NDIS mode is now supported for this modem. (33202) For the Option GTM382 cellular module, fix an issue that prevented the Digi device from successfully acquiring the mobile LAC and CID values. These values are reported as mobile status and are necessary values for troubleshooting. Fix a bug in which setting the time with a year greater than 2036 causes the wrong year to be set. (32781) Fix a bug in which multiple SNTP Server entries may be configured as time sources in the Date and Time Settings, but only the first one in the list is used. (33367) Fix an issue in the SNTP Client that results in frequent name resolution attempts (one per second) if a domain name is configured for an SNTP time source. This may occur if the name is invalid or cannot be resolved by the configured DNS servers. A backoff is implemented to mitigate the too-frequent name resolution attempts. (32652) Fix a bug in which the SMS settings for Python were not being saved when set via the web UI. Fix incorrect "set smscell" help information. Fix a bug in which, for SMS messages sent to Python via #python command, only the text that follows #python (and optional flags/password) should be passed to the Python read interface. The entire message starting with #python was being passed erroneously. Fix a corrupt IPSEC SPD table header string in the output of the CLI commands "display ipsecspd" and "display vpn". Fix a problem in which the Digi device, running in IP Pass-through mode, stops passing packets from the Ethernet interface to the mobile interface. The Digi device had to be rebooted to clear the problem. (33756) - Fix a problem that caused the mobile send to block permanently. - Add detailed statistics for pass-through activity to the CLI command "display passthrough". - Add detailed trace capability for technical support troubleshooting. Fix a bug for dual SIM devices in which the incorrect SIM may be selected when no SIMs are installed or configured. (33966) Fix a problem in which the Cisco ASA would not establish a VPN tunnel to Digi units. (33948) Fix a bug in which the CLI command "show vpn phase1 verbose=on" shows the wrong encryption key size, when the key size is other than the default. (34974) Fix a problem in which the Industrial Automation "Hostname" was not properly set on a configuration restore. (34086) Fix a bug in the Alarms Settings web UI in which the value saved is not what was entered for large time values (cellular-related time intervals). (26557) Fix a bug in which the Digi device might panic (reboot) when using the CLI command "certmgmt" to generate a key for SSH. (33249) Fix a bug in which the cold start trap is sent every time the user enables "Generate cold start traps" in the web page or the CLI. (33655) Fix a bug in which the geofence SMTP server field will not accept a DNS name for the mail server in the web UI (Position Configuration > Geofence Settings). The web page will now accept a FQDN as well as an IP address for the primary and secondary SMTP server fields. (32808) Fix a bug in which the geofence email recipient fields will accept any input as an e-mail address. Recipient strings now are validated in a manner that is consistent with e-mail recipient validation on other web pages. (32809) Fix an inconsistency in validating the signal strength threshold values when configuring alarms for cellular-capable Digi devices. The change standardizes a range of -120 dB to -40 dB. Previously, some interfaces implemented that range, while others implemented the range -300 to 0 dB. (26564) Fix a bug in which a user could not remove or disable a VRRP instance other than by reverting the settings altogether. (30490) Fix a bug in which the DialServ feature's connection_wait_time setting could be set outside its designed value range (10-300). This problem existed only when the setting was applied via the RCI interface. (34647) Fix the keep-alive checkbox for DialServ dial-out configuration. (32833) Fix a pmodem feature problem for which, under some conditions, an ATDT command (that normally works correctly) stops working. (34433) 82001536_F3 (2.9.0.13) - March 16, 2010 ENHANCEMENTS: As a debugging aid, improve the Python interpreter to report the filename of the calling code in tracebacks and other stack inspections. (32589) BUG FIXES: Fix an initialization bug for the GlobalSat BU-353 USB GPS receiver and other SiRF III-based GPS receivers. (33635) 82001536_F2 (2.9.0.11) - February 12, 2010 ENHANCEMENTS: Improve performance of cellular modems (primarily those using NDIS) by queuing more than one buffer with the USB host controller. The default value of the over-the-air (OTA) firmware update setting to is changed to disabled, to avoid interfering with applications using the XBee network. Eliminate excessive event logging for SMS activity. A two-level logging capability is now implemented this such that the original detailed event logging is still available, but the customer must enable it via the settings (CLI, web UI, RCI). By default the event logged SMS activity is now leaner than it was previously. (32265) Improve the Mobile Configuration Advanced Settings web page and the associated web help. The new text states that the mobile connection must be restarted (or the device rebooted) for the settings changes to take effect. The help information was updated with a more detailed discussion of issues for manual carrier selection. (25271) Improve iDigi (Connectware) client's connection backoff/retry logic in the case of failure to connect to the iDigi server. If SNTP Server use is configured as a time source in the Date and Time Settings, with a domain name specified for the time server, the time query could fail if the Access Control List (ACL) feature is enabled. The SNTP client has been modified to temporary configure an ACL entry to permit the time server access, then remove the temporary ACL entry on either success or failure of the time server query. This avoids the need to explicitly configure the time server's IP address in the ACL. A possible stale name resolution condition also was eliminated. Enable IA/Modbus engine sending Modbus via XBee to bind on a source end-point other than 0xE8. This prevents conflict with Dia XBee serial drivers, allowing Modbus and Python/Dia to share the XBee network. The desired bind-end point is appended to the XBee Extended Address (such as 00:13:a2:00:40:3e:15:18!E9). The user must also force the DE in the XBee 232/485 to match this value. (32938) Add "disp ia" to "disp techsupport" command list. (32252) BUG FIXES: Modify SSH to prevent an initial false SNMP login failure trap when the SSH client connects with the "none" authentication method. (1278304). Fix issues in the SSH service implementation: - Eliminate possible memory leaks when loading DSA/RSA keys. - Fix a failure to disconnect and report the reason to the client when the maximum number of authentication failures is reached. Present data frames sent to the mesh gateway broadcast endpoint 0xff to all sockets bound to endpoints 0x01-0xf0 per the ZigBee specification. (32289) Always allow over the air firmware updates of remote XBee-PRO ZB nodes. PRO nodes are not affected by the low-power boot loader problem that prevents updates of non-PRO nodes. Fix several reported VPN problems: - Some Digi products will not build VPN tunnels to other Digi products. (32256, 32257) - TheGreenBow VPN client will no longer build a connection with newer Digi firmware. (32255) - Correct/improve several misleading/incorrect VPN event log messages. - ISAKMP frames negotiating with certificates were being incorrectly generated. The bug caused garbage data to be added to the end of the frame. Also, verification of certificates from the peer would reject the frame if the certificate was followed by a NAT-T discovery payload. (32834) Allow auto-IP addresses (169.254.0.0/16) to be used in IP packets and translated/forwarded by the NAT feature. This had been rejected by the network stack in previous firmware releases. With the Digi device operating in IP Pass-through mode, when working with a pass-through host whose IP settings are statically configured, communication from the mobile network to the pass-through host could be temporarily lost. The loss of communication could occur in as little as four minutes after a successful communication (although usually longer). The outage could continue until the pass-through host sends packets to the Digi device, to be forwarded to the mobile connection. The problem has been corrected. (30936) Fix a bug in the DHCP client that accumulates small network buffers on the DHCP client's internal information structure. This occurred for options received from a DHCP server that are unrecognized by the DHCP client. These buffers are now freed to avoid gradual memory depletion. Fix an issue where the Send Character Immediate IOCTL was not getting a response, causing a RealPort hang. (32061) Fix problems with RX/TX byte counts, activity LED and idle timers for some supported cell modules using USB network interface (NDIS) mode. Specifically, some packets exchanged between the operating system and the module are no longer reported in the RX/TX activity, since those are local packets are not sent over the mobile connection. Also, the RX and TX idle times are now properly initialized when the mobile connection is established. Eliminate some unneeded information from the configuration backup file. (32511, 32512) Flush the DNS resolver cache when the DNS server list changes (servers are removed). This avoids a possible stale DNS resolver cache issue. Disallow an attempt to set the IP address for a network interface and the interface-specific gateway to the same value, which causes problems for routing in the network stack. 0.0.0.0 is substituted for the gateway so IP routing is not adversely affected. Disable NDIS support for the Ericsson cellular modems. The PPP support is supported as in the past. NDIS support for Ericsson modems will be enabled in the future after some technical issues have been resolved. (33202) 82001536_F1 (2.9.0.7) - October 30, 2009 ENHANCEMENTS: Add support for Short Message Service (SMS) capabilities for GSM cellular modems. This feature is available for all GSM cellular modems identified in the "Full Support" list under SUPPORTED CELLULAR MODEMS above. SMS may be used for remote command of the device, alarms, event monitoring and Python application interaction (send and receive). Python support is provided via the new Python module "digisms". The use of passwords and a sender control list (to filter messages that are received from unknown senders) provide user-configurable security for this new feature. Add "Paged Connection" support to the Remote Management settings. This may be used in conjunction with the SMS feature. Add SNTP Client as a time source for time source management. This new feature adds SNTP client as a source for time management. It allows the device to synchronize its clock with NTP/SNTP servers. Configuration for this feature is available through RCI, the web UI and the command line "set clocksource" command. Add an "offset" from UTC to time source management. This new feature adds the ability to modify Coordinated Universal Time (UTC) by increments that correspond with time zones. Configuration for this feature is available through RCI, the web UI and the command line "set time" command. Add logging for time events such as changes to offset or time "jumps". Add SSL connection support and simple password authentication for device connections to the iDigi Server (Connectware Manager Server). Add support for RealPort authentication. Add numerous commands to "display techsupport" for improved reporting. (31539, 31689) Reduce the amount of alarm data sent at the start of a connection to an iDigi Server (Connectware Manager Server) by sending only the active alarms. This improvement is coupled with a server change to not request the current state of all alarms. Add support to flush the ARP table and DNS resolver cache on demand. Enhance "display dnsserver" to display resolver cache entries. Automatically flush the DNS resolver cache when the DNS server list changes, removing possibly stale cache entries. Add support for USB cellular modems using a network interface (NDIS) instead of PPP for improved performance. This is supported for the Option GTM382 and Ericson F3507g modems. Add GPS support for the Ericsson F3507g modem. Add setting and UI to enable/disable antenna diversity on Sierra Wireless cellular modems. (25728) Add the ability to set the SIM PIN for GSM modems to the command line interface: set mobile sim_pin=. If the cellular module can determine and report the location of the cellular base station, the latitude and longitude are reported in the device Event Log. This change applies to some CDMA modems. (26706) Add units to ambiguous measures on the GPS position web page. (29856) XBee (mesh) networking enhancements: Show XBee SN parameter for gateway radio in web UI and CLI. (30782) Improve ZDO node discovery: - ZDO node discovery performed by default on Smart Energy networks. - DDO node discovery performed by default on other networks. - Verify that routers respond to LQI request. - Find and verify end devices in router child table. - Prevent extra LQI requests outside of ZDO discovery. - Add CLI "display xbee zigbee" option to enable ZDO discovery. - Add Python get_node_list() parameters to select discovery types. Log changes in local modem status in event log. Save changes to D7 on web UI basic settings page. Don't require "!" at end of node address in CLI. Update radio parameters. Blink X2 association LED when "identify device" is done on the gateway by itself. Supported on ZNet, ZB, and DigiMesh. Correct node identify message sent to DP 868 and 900 radios. Queue transmissions in gateway while DigiMesh network is asleep. Add CLI "xbee child_table" command to display associated end devices. Add web UI and improve CLI for over the air firmware updates. Improve the ability to break out of "xbee ping" command. Improve support for DigiMesh sleeping network. Add the ability to backup and restore configuration of XBee nodes to .pro files, which are compatible with the X-CTU configuration tool. Add backup and restore, and move existing node identify and resets to a new Device Operations tab under the XBee Configuration web page. Add backup and restore to a TFTP server to the "set xbee" command. (31389) Allow gateway radio firmware update via RCI when the radio is disabled or not recognized. The target address attribute must not be specified in this case. Add click/shift-click support to select a range of nodes on the XBee OTA firmware update web page Correct the range and scaling of XBee voltage parameters. (31943) Allow fully qualified domain names (FQDN) instead of only IP address for a number of features. These features are: AutoConnect, UDP Serial, SNMP trap destinations, and the alarms e-mail server. For UDP Serial, a lookup of the FQDN (typically in the DNS resolver's cache) is done for each packet sent, with a full name resolution occurring only when the cached entry's time-to-live expires (or the cache is flushed). This supports dynamic destination IP addresses. (19517, 30637) Add options to CLI, web UI and RCI to save encrypted passwords and keys in the configuration backup file. Configuration restore accepts either encrypted or plain text passwords and keys. (15108) Add event logging for IPSEC (VPN). (20170) Improve the web UI to make it more intuitively clear how to configure a VPN tunnel for responder mode, The user is now explicitly prompted to select one of: responder only, or client and responder with an address. (26348) VPN support: Improve the CLI to set a default value for the local tunnel when host mode is selected. (30995) The CLI commands for configuring a VPN tunnel have been changed. Older firmware versions allowed you to set the local peer ID of a tunnel using the local_peer_id option in the "set vpn tunnel" command line. This option has been removed from the "set vpn tunnel" command line. You must now use the "set vpn interface" command line to set the local peer ID for all tunnels that use a particular interface. (30994) Add a new configuration option into the VPN Global Settings web page which allows users to select support for dynamic DNS. This feature is useful if the remote VPN peer does not have a static IP address (i.e., its IP address may change). In this case, the remote peer should register its DNS host name using dynamic DNS, and update the DNS entry whenever its IP address changes. When the dynamic DNS option is selected in the VPN Global Settings web page, the VPN client will periodically check the remote peer's DNS entry to see if its IP address has changed. It will renegotiate the VPN tunnel when the address does change. Change the signature method on the self-generated, self-signed certificate from MD5 to SHA1. Although MD5 is not generally unsafe, SHA1 is deemed to be the most secure. All browsers or SSL clients recognize SHA1 instead of MD5. Expose 'rmdir' and 'rename' calls to Python through POSIX wrapper. Update the web UI for IP Forwarding Settings to show the maximum number of entries for Static routes and "Forward TCP/UDP/FTP connections...". (31866) Add support for the u-blox 5 USB GPS receiver. Change the GPS priority so an external or PCIe GPS receiver is given preference over the integrated cellular GPS receiver (if there is one) for sending NMEA output to the /gps/0 device. ENHANCEMENTS in 82001536_F1 subsequent to 82001536_F: Add support to send login success and failure traps via SNMP when a user logs into the device using HTTP or HTTPS. On the Alarms Settings web page and in associated help, clarify that the SMS feature must be enabled to successfully send alarms via SMS. Improve the information sent for some alarm conditions when e-mail or SMS is the configured method for sending the alarm. BUG FIXES: Fix a problem in which the reported VPN status is incorrect. (30201) Correct a problem in selecting (enabling) some mobile service frequency bands when using the Siemens/Cinterion modems. This change accommodates particular environments in which some mobile service providers operate using typical North American frequencies (850 and 1900 MHz) while others operate using typical European frequencies (900 and 1800 MHz). (30705) On dual-SIM devices, check if a SIM is configured by looking for a non-empty init script, rather than looking if the mobile provider has been set. This allows a SIM to be configured by the CLI, which cannot set the provider. When cellular PPP instance settings are set via RCI, mobile PPP settings are set instead to maintain backward compatibility. Change this to also enable the cellular PPP instance, which allows cellular connections to be fully enabled via RCI. (31946) Fix Modbus IA engine support of 802.15.4 radios. (30733) Remove reference to GSM from RSSI alarms in web UI. (25830) Modbus Web UI misaligns the Master to Table Relationship. (31803) Check if enough free memory is available to handle a firmware update from the iDigi Server (Connectware Manager) and return an appropriate error response if not. (31321) Fix a bug that limited length of the primary SNMP destination field in the SNMP Settings web UI. (31895) Add a change to work around a problem in which Digi products do not accept gateways from Apple's Airport Extreme when the Digi product is configured as a DHCP client and the Apple is the DHCP server. (31166) Add Mobile System Information help text to the web UI help information. (31839) Improve a condition under which client-initiated connections to the iDigi Server (Connectware Manager Server)) won't start unless the "Reconnect after..." box is checked. (31885) Eliminate several memory leaks. BUG FIXES in 82001536_F1 subsequent to 82001536_F: Fix a bug in which login success and failure traps were not being sent via SNMP when a user logs into the device using SSH. (32161) Fix a bug that could cause the device to reboot when an alarm is sent via SMS. Fix a condition in which some specific characters could not be sent in SMS messages sent by Python. The characters are: [ \ ] ^ { | } ~ 82001536_F (2.9.0.5) - October 17, 2009 Not released for customer use. See ENHANCEMENTS and BUG FIXES information for 82001536_F1 EOS. 82001536_E3 (2.8.4.16) - August 28, 2009 ENHANCEMENTS: None. BUG FIXES: Fix a memory leak that may occur when DNS lookups are performed. Although the leak is small, it can lead to memory exhaustion in systems that perform many DNS operations, such as some iDigi client configurations. (30870) 82001536_E2 (2.8.4.15) - July 13, 2009 ENHANCEMENTS: None. BUG FIXES: Fix a problem in which the Ericsson F3507g modem cannot successfully unlock the SIM with its PIN. Fix a problem with the manual selection of mobile bands (frequencies) for the Siemens/Cinterion cellular modems, in which the selected band(s) might not be used as requested. (30705) 82001536_E1 (2.8.4.13) - May 20, 2009 ENHANCEMENTS: Add support for new cellular modules: - Ericsson F3507g - Option Wireless GTM382 Improve event log messages for the DHCP Server feature. (29931) Improve a timing condition to reduce by up to five seconds the time it takes before the first mobile PPP connection is established when the Digi device boots. Eliminate some timing dependencies when mobile band and carrier selection options are used with GSM modems. Eliminate a condition that could result in a false indication that the mobile call has dropped when establishing a PPP connection. This avoids unnecessary modem resets and decreases the time that the mobile PPP connection is unavailable. Hide the Dynamic DNS feature on versions of Digi devices that do not support cellular modems. This feature applies only to cellular devices. Add the ability to enable/disable incoming dynamic VPN configurations, and to display all incoming dynamic VPN tunnels. (28912) BUG FIXES: Fix a bug that could result in a USB stall condition when accessing some USB devices. Part of this fix eliminates a possible USB resource leak that could be recovered only by rebooting the Digi device. Ensure that the proper LED color is used at boot time for Digi devices equipped with 2G cellular modems (Siemens). Clear some SIM-related information between modem resets on Digi devices that support two SIMs, to avoid possible confusion that can result when switching between SIMs. The correct information is read from the SIM following the modem reset. 82001536_E (2.8.4.7) - March 31, 2009 ENHANCEMENTS: CELLULAR ENHANCEMENTS: Add support for new cellular modules: - Sierra Wireless MC5727 - Sierra Wireless MC8790 Add support for new Sprint provisioning method (OMA-DM). Add support for on-board GPS receivers on some modules (MC5727, MC8790). Add configuration capabilities in CLI, web UI and RCI. Add capability to report ICCID of the SIM cards. Improve mobile band and carrier selection for GSM modules. Add warning and informational text to web UI, carrier scan wizard and web help. For carrier selection, indicate discovery of 2G and 3G carriers when displayed in the carrier scan wizard. (25271, 28118, 29251) Add information to the event log and the UI (CLI, web and RCI) that indicates the user's choice of manual or automatic cellular band and carrier selection. (24942) Improve the CDMA module provisioning wizard: - Enable PPP on successful provisioning. (29078) - If network provisioning fails, offer a choice of retrying network provisioning, instead of manual provisioning. Choice of manual is available only at the start of the provisioning wizard. Add support to SNMP for mobile link up/down traps. (25003) MESH NETWORKING ENHANCEMENTS: Add support for XBee DigiMesh 2.4GHz and 900MHz radios. Add support for XBee 868 radios. ZB - Support Over the Air firmware updates for ZB Mesh XBee. ZB - Support use of 16-bit address. ZB - Support ZDO Node discovery using neighbor tables for ZB firmware. Add support for Mesh Source Routing. Add support for transmit queuing in the gateway. Add ability to locate and identify units using a button on Gateway web UI and via CLI. Change behavior of XBee Route command to show route to end node. Sort node list in Web UI by Node ID. Support Zigbee fragmentation within the IA Modbus engine when sending to Zigbee/mesh serial Modbus destinations (requires appropriate XBee coordinator firmware). Other specific enhancements: - Rename CLI options for set/show/display from "mesh" to "xbee". The option "mesh" remains as a hidden alias, but it is deprecated. - Add support for "xbee" utility command to CLI. - Add "revert xbee" command to CLI. - Improve string parsing in CLI and value validation in web UI. - Add zbGetGatewayInfo() function to return gateway status. - Add data loopback support. - Add handling of ZB many to one route request frame. - Add Python class to control the local digital I/O pins. (ConnectPort X4 NEMA only) - Add Python functions to determine analog vs. digital I/O line types. (ConnectPort X4 NEMA only) - Add alias configure_ain() for digihw.configure_channel() - Add XBee socket option (XBS_SO_EP_SYNC_TX) to block until sendto() is ACKed or fails and return status - Add radio frame API type to radio message callback - Improve blocking of commands during radio initialization - Improve calculation of transmission timeouts - Modify settings to load on demand and save only changed values so web UI transfers fewer settings to/from nodes. - Rename DDO command options, add to Python interface. - Assign new frame ID for transmission retries. - Display node list grouped by routers and their end devices in CLI. - Send loopback request before DDO commands to improve error detection. - Save API mode setting after radio initialization for faster start up. - Handle payload size errors with source routes. GENERAL/OTHER ENHANCEMENTS: Add support for higher memory platforms (32MB RAM and 16MB Flash). Add configuration web page for MEI in all MEI-capable products. Add diversity setting for Wi-Wave PCIe module on Wi-Fi configuration web page. Update "display techsupport" to include new and additional commands. Add the current date/time to the device status display (CLI and web UI), in addition to the uptime value for the device. Modbus requests/responses for vendor-specific function code 100 are now speculatively estimated as Scattered Read Command (as used by Schneider Electric). Previously, function 100 was treated as not possible to estimate, thus the idle-gap (time with no more data) was the only method to detect end-of-packet. This change should be transparent to other vendors using function 100 for other purposes. First, this estimate is only applied if the 3rd byte of the PDU is the constant 0x04. Second, even packets which are incorrectly estimated will be properly handled by the fall-back detection of the idle-gap. Failure to estimate properly does not cause packet failure; it merely speeds up handling when the end-of-packet estimation succeeds. For event logging, add the device uptime to end-of-log display line (both CLI and web UI), if the timestamp display for logging is other than the uptime (such as date/time). Add simple CLI to manipulate the time source management settings. See CLI command "set clocksource". Use NMEA 0183 default settings for GPS profile. These settings are: 4800,8,N,1,no flow control. (29439) BUG FIXES: CELLULAR BUG FIXES: Fix a panic in the mobile carrier scan thread in the web UI. (26476) Fix a bug in which PPP statistics may display as negative values in "display pppstats". (related to 22844) Correct a bug in which e-mail alarms and snmp traps are not working for a mobile configuration change event. (26810) Fix a problem in which GSM manual carrier selection would always force that connection to have 2G service, even if 3G service is available and supported by the cell modem. (28118) Fix a high CPU utilization issue that occurs while PPP is bringing up a connection. (29771) Fix a problem in which the network time acquired by the Siemens MC75 or TC63 modem, was improperly used to update the system's real time clock. (29646) Fix a problem in which a mobile PPP connection failed or was very slow to be established using a Siemens MC75 or TC63 modem in Europe. The incorrect 2G GSM frequencies were being configured as "preferred bands" resulting in a long delay before the correct European bands were used. (29849) MESH NETWORKING BUG FIXES: - Fix bugs using XBee DP 900 radio firmware. - Fix bug with disabling mesh from CLI. - Use cached 16-bit address only for ZigBee. - Add parameter validation. (28896, 28895, 28894) - Fix callback crash/deadlock. (29183) - Update firmware table after gateway radio FW update. (29217) - Disallow invalid firmware files, improve recovery from OTA firmware update errors. (29220) - Fix bug with frame payload greater than 236 bytes. - Fix ZB broadcast frame size limit. - Fix ZNet 2.5 end devices missing from node list. - Hide network reset button if DigiMesh. (29572) - Fix firmware update from DigiMesh 2.4 to 802.15.4. (29575) - Handle bad arguments to "xbee ping" command. (29592) - Correct node identify message for DigiMesh. (29593) - Fix bug with loopback data size of 256 bytes. (29594) - Shorten some device type strings in web UI and CLI. (29595) - Fix disappearing node ID in web UI. (29605) - Always store network address on node discovery (even if 0xffff). - Blink LED directly instead of sending node identify message from gateway to itself. (29593) - Hide power level setting in web UI for XBee-PRO series 2 radios because it is read-only. (29498) - Fix calibration error when analog inputs have not been configured. (ConnectPort X4 NEMA only) - XBee socket options SO_NONBLOCK and XBS_SO_EP_SYNC_TX were being enabled incorrectly. (29753) - Show correct PAN ID range for installed radio on XBee basic settings web page. (29830) - Set option to "purge" transmissions that are blocked by 868 MHz radio duty cycle limit. (29902) - Preserve gateway radio settings during ZNet firmware update. (29892) - Sort web UI node list by node ID and extended address, instead of grouping by router and children. (29396) - Wait for mesh node discovery to complete before sending another local command because radio will block and command will time out. Does not apply to ZNet or ZB radio firmware. - Log an error and do not attempt to update XBee firmware over the air when target node has the old boot loader with low power setting. (29932) GENERAL/OTHER BUG FIXES: Implement RFC-specified validation for a hostname, per the requirements for DHCP option 12. The RFCs consulted include 952, 1035, 1123 and 2132. The maximum length of the hostname is increased to 127, increased from 31. Support for a FQDN also has been implemented. Web UI help has been updated to describe a valid hostname construction. (27588) Strip carriage returns from TFTP loaded Python scripts. (26971) Add a very basic stat call for FAT FS, so we can report st_size. (22785) Add a check to the DHCP server to accept datagrams only if received on the interface being served by the DHCP server. Affects only devices with multiple LAN interfaces Fix a bug that occurs when restoring a public key: the value is set to the key plus additional bytes, resulting in a corrupt key. (27780) Add option value ranges to CLI "udpserial" command help. (29034) Fix a bug in which the event log includes one or more messages that specify the wrong (misleading) system time value when the device boots. Affects devices with a real time clock. (29804) If a public key has been enabled for SSH, allow authentication based on the key regardless of the password setting. Dynamically generate a list of accepted authentication methods based on the configuration of the device. (27834) 82001536_D1 (2.8.1.13) - December 11, 2008 ENHANCEMENTS: None. BUG FIXES: Upgrading the ConnectPort X4 to the D1 revision firmware from an earlier revision could result in a permanent hang or panic condition. The problem could occur if VPN settings were configured using the B1 revision or earlier firmware, and if those settings were still configured in the ConnectPort X4. Note that only a full revert to factory default settings would have removed those VPN settings. The problem occurs during an implicit conversion of the VPN settings from an older format to their newer format required by the D revision and later firmware. (28851) 82001536_D (2.8.1.8) - October 21, 2008 ENHANCEMENTS: Improve configuration settings implementation to use less memory, better support customized defaults and more effectively manage NVRAM. Add dynamic web page generation support for native web server from Python. Add support for Connectware Manager Web Services. Add support for file system access from Connectware Manager. Mesh networking enhancements: - Replace the term "Mesh Network" with the broader "XBee Network" to better describe the varied RF network types supported by Digi. - Add an option to software reset or network reset a node on the XBee Advanced Settings page of the Web UI. - Add a secondary SNMP destination trap. - Add more configuration and display capabilities to the mesh networking user interface web pages. - Add support for ZB firmware versions 2x21 and later. - Add support for XBee Pro 900 radio. - Add lookup by node ID to set/show/display mesh CLI commands. - Add ability to update gateway radio firmware to web UI and RCI. - Add timeout parameter to C and Python DDO functions. - Add ability to run DDO commands from the CLI. - Display DDO commands for parameters in the CLI. - Handle missing 64-bit address on received frames. - Handle 16-bit cluster IDs. - Increment frame ID in transmitted data frames for debugging. - Update radio parameters supported by the web UI, CLI, and RCI. Add dual SIM support for use with GSM cellular modules. Add native GPS support with Geofencing application. Add VPN "Responder Only" feature. Add automatic failover from one network interface to another as the default gateway using customer-configurable rules. Failover-capable interfaces include cellular and Ethernet. Allow the system time to be set from the Cellular System Time. The real time clock can be set by this source as well. Support a Customizable Dialserve Initialization String. Split apart support for the Web Server (HTTP) service and Secure Web Server (HTTPS) service so they are managed independently of one another. Change mobile PPP interface to be always "mobile0" rather than a set of "pppX" interfaces where X varies among products. Add an on-board Primary Roaming List (PRL) update mechanism for Sierra Wireless CDMA/EVDO cellular modules. Add display of mobile network MCC and MNC numeric values in addition to associated names for Sierra Wireless cellular modems. (26910) Add a conditional second cellular signal strength bar graph to web UI, and a new "Service Mode" item. Add CLI counterparts for these (display mobile). These changes applies to products equipped with Sierra Wireless MC5720/25 modules, for the purpose of reporting signal strength for both 1xRTT service and EV-DO service. The reporting for other cellular modules is unaffected by these changes. Also, show the correct signal strength for the current technology in use for the mobile connection (2G or 3G). On products that have bi-color mobile Signal Strength and/or Link LEDs, correctly set and update the color as follows: - Indicate 3G service via a green LED. - Indicate 2G service via a yellow LED. Since the in-use service may change during the life of the mobile PPP connection, the color is updated if/as the service changes. Add options to set the DNS priorities and gateway priorities lists from the command-line. (27324) Added these options to "set network": gwpriority=(comma-separated interface name list) dnspriority=(comma-separated priority list) Event logging enhancements. - For "uptime", display days+hh:mm:ss versus a time in seconds. - In CLI, support user-selectable time display format. - Automatically determine appropriate time display format according to time source availability and use in a given product. Add start-up event logging in the "system" facility of these items: - product name and ID - model name (if different than the product name) - firmware (EOS) version - boot version - POST version - manufacturing VPD version (build tag) - hardware strapping value The above information is also shown by the "display device" command. Add service provider support for Bell Mobility. BUG FIXES: Mesh networking bug fixes: - Fix mesh node list threading bug that caused remote DDO commands to fail. (25697) - Indicate when a broadcast frame is received and its source address - in ZbAddressParams structure. (25895) - Improve CLI error messages when gateway is disabled. (26632) - Preserve gateway radio settings across firmware update. (26633) - Clear node list when the gateway is disabled. (26634) - Fix panic while setting PAN ID in the web UI. (26876) - Fix payload size checking in ZigBee sockets sendto function. (27184) - Fix bug displaying DDO command results in CLI. (27869) - Allow any length up to maximum for keys and binary settings. (27904) - Fix bug during initial node discovery when remote nodes are sending data. Fix memory leak related to XBee sockets interface. Fix memory leak related to RCI requests. Increase the general event log maximum message size to avoid message truncation. (24640) Release ZigBee socket lock around calls to driver zbSendMessage() to prevent deadlocks. (28356) 82001536_C1 (2.7.2.11) - July 17, 2008 ENHANCEMENTS: Improve the DHCP client capability so it persists in attempting to acquire IP configuration information if the DHCP client is enabled in the device configuration settings, and the DHCP client fails to acquire the IP configuration. This could occur if no DHCP server was available when the device booted, or if the Ethernet cable was disconnected at that time. Improve the detail reported in "display techsupport" for the network settings. Specifically, use "show network globalsettings if=*" to report everything available ("show network" is less complete). BUG FIXES: An engineering change in some versions of supported Sierra Wireless 3G PCI Express modules (8775, 8775V, 8780, 8781) was incompatible with the implemented existing reset logic for all other PCIe based modules, causing the Sierra Wireless modules to come up in "Low-Power Mode." A change was made to the firmware to not drive the PCIe reset pin for Sierra Wireless modules, correcting the issue. Fix a DCD detection problem for Siemens USB modems. (26059) Fix e-mail alarm failures. (26107, 25684, 25810) Correct a time rollover bug (wraparound to zero) in the Event Log. Eliminate a memory leak on the VPN identity key/certificate web page. (26255) Correct a bug in which two of the options of the "set vpn global" CLI command, didn't work as the CLI help stated. Specifically, the options "suppress_phase1_lifetimes" and "suppress_delete_sa_for_pfs" are documented to accept "on" and "off" as values. However, the command was expecting "yes" and "no" instead. The command has been modified to accept "on" and "off" as documented, and "yes" and "no" are still accepted as valid option values. (26607) Fix VPN tunnel settings backup/restore issues. (26648, 25010) o Default settings could be backed up but not restored for some options (such as "host address" of 0.0.0.0). o The manual tunnel outbound authentication algorithm "SHA1" could not be restored. It could be set correctly by use of CLI command and web page settings. Fix a problem in which packets would have a zero Ethernet MAC address for up to four minutes when running in IP Pass-through mode. (26760) 82001536_C (2.7.2.6) - March 28, 2008 ENHANCEMENTS: Update the IP Network Stack to benefit from many improvements and fixes from the network stack vendor. Add support for NAT-T (NAT traversal) VPN tunneling. Add support for Simple Certificate Enrollment Protocol (SCEP) for X.509 certificates. Add support for Virtual Router Redundancy Protocol (VRRP) per RFC 3768. Add support for DNS Proxy, optionally integrated with the DHCP Server. Add support for Python scripting feature. Add support for Device-Initiated RealPort. Add support to the Mobile Configuration web page (Advanced Settings) for user-requested PRL updates. This enhancement applies to the MC5720 and MC5725 air interfaces. Add DMZ support to the NAT feature. Wi-Fi enhancements: - Send gratuitous ARP when connection is established to inform access points of our IP address (issue observed with some Cisco APs). - Add event logging to Wifi driver. - Add Wifi signal strength bar graph to web UI. Enhance the Event Logging feature to permit the user to clear the log on demand, thereby removing all log entries. This is supported in the web UI (Event Logging page) and the CLI ("display logging action=clear"). Add two new options to the CLI command "display logging": head=(lines) tail=(lines) where "(lines)" is a number of log entries to display. The "head" option displays lines from the start of the event log (the oldest entries), and the "tail" option displays lines from the end of the event log (the most recent entries). (25091) Add support to permit the publication of private IP addresses to the DynDNS service. (25403) Add support for Dynamic DNS service updates when the Digi device is operating in IP Pass-through mode. (25129) Add "show ddns" to the list of commands run by "display techsupport". (25725) Add support for 802.15.4 XBee radios with improved node list handling o display mesh clear option o display channel in hex and Mhz o add DD parameter device type for 802.15.4 Reduce runtime memory usage, including both executable code and data. The firmware image size also is somewhat reduced. This results in more available memory in the Digi device, which can help improve performance during intervals of high memory demand operations. Add support for new air interface cards: o Sierra Wireless MC8780 (GSM/GPRS/UMTS/HSDPA/HSUPA) - Succeeds MC8775 (and MC8755). - Supports European frequency. - Adds HSUPA support. o Sierra Wireless MC8781 (GSM/GPRS/UMTS/HSDPA/HSUPA) - Succeeds MC8775 (and MC8765). - Supports North American frequency. - Adds HSUPA support. Improve web UI in numerous areas for usability and feature additions: o Mobile service provisioning. o Mobile service configuration and authentication. o Advanced network configuration: ability to prioritize the ordering of DNS servers and default gateway selection. Add support for CDMA technology selection (i.e., 1xRTT / EVDO / Automatic) for the Sierra Wireless MC5720 and MC5725 modules. Add support for carrier/band/service class (i.e., 2G/3G) selection for the following Sierra Wireless modules: MC8755, MC8765, MC8775, MC8780 and MC8781. The following previous KNOWN ISSUES from earlier releases have been addressed and are no longer issues for the Digi ConnectPort X4: o On some IPSec VPNs, SA lifetime is not negotiated correctly. To work around this issue, configure the SA lifetime on the Digi ConnectPort X4 to be less than that configured on the VPN concentrator. o For IPSec VPN tunnels using AES encryption, multiple key lengths (128-, 192- and 256-bit) are supported for ISAKMP/IKE phase 1 encryption proposals. For ISAKMP/IKE phase 2 proposals, currently only 256-bit keys are supported for AES encryption. Add the "display dnsserver" CLI command to report the DNS servers that are configured in the Digi ConnectPort X4. Add VPN-related CLI options for the "display" command" o ikesa - IKE SA table o ikespd - IKE SPD table o ipsecspd - IPSec SPD table Improve the information provided by the "display techsupport" and "display netdevice" CLI commands. Enable automatic ("sticky") response for UDP Sockets feature to the last client when no UDP Sockets "destinations" are defined. (CR 23531) Enhance NAT trace for improved troubleshooting detail. Revise the signal strength reporting ranges for consistency across the Digi cellular product line and with both service provider and modem manufacturer recommendations. Update service provider support for AT&T. BUG FIXES: Fix a problem in the "set vpn tunnel" CLI. The CLI help incorrectly specifies an option "public_interface" that is actually "interface". The valid interface names shown also may be incorrect. The help has been corrected. (25131) Fix a memory leak in the Python feature. Some of the semaphores created by Python were not being released to the system when they were no longer needed. (25288) Fix a problem in which NAT-T (VPN) failed because a mobile provider network changed the UDP source port for NAT-T, and our version of IKE did not handle that condition properly. (25489) Fix a problem in which possible "garbage" characters may be collected and stored as part of the "Current Network" mobile status item. This information is reported to the user in CLI, web UI and XML sent to the Connectware Manager server. The "garbage" characters were problematic for the Connectware Manager in particular. This fix affects devices that are equipped with the MC87x5 air interface modules, when the "Current Network" value is less than eight characters in length. (24868) Remove the VPN "interfaces" (vpn0, etc.) from the list of valid interfaces for configuring a static route. These are not true network interfaces in Digi's network stack. They are not suitable for static routes, since only IPSEC policies may be used for the purpose of routing packets through tunnels. These VPN pseudo-interfaces are meaningful only for the VPN "Virtual Host" mode, which was included in 82001536_A. Fix a problem for the MC5720 and MC5725 modules, in which the illuminated signal strength LEDs differ from the number of "bars" shown in the web UI (Mobile System Information page) or CLI ("display mobile" command output). (23706) In certain situations, the Sierra Wireless MC5720/MC5725 would indicate that a call had been made, but would not assert the carrier signal on the data virtual UART. This would result in a valid call being dropped prematurely. This has been remedied. Improve the reliability of information reported in the mobile status, including network- and modem-specific status, phone number (when available), and SIM status for GSM. Fixes for mobile service provider support and configuration: o Username and password are no longer required fields for some AT&T (Cingular) Orange service accounts. (23161) o When authentication is disabled: (22466) - Clear the CHAP ID, CHAP key, PAP ID, and PAP password. o Provide a default initialization string for a CDMA Custom Provider. (21890) o Change "European Provider" to "European/EMEA Provider". (19833) Eliminate a possible condition in which a system resource could be lost (leaked) when a cell modem is reset between PPP connections. Only a Digi device reboot would reclaim the resource. Fix an initialization problem with GSM data-only mode configuration in which the mode could remain incorrectly set if a different cellular provider selection is used. Specifically, if data-only mode is enabled, it could not be correctly disabled in the cellular modem. Changed mesh driver to keep other threads from sending commands to the XBee module during initialization Fix problems in WPA when connecting to Cisco access points o fixed bug in setting WPA2 keys Fixed problems where the MAC driver was transmitting when not polling the Wi-Wave module correctly. Eventually caused a lockup of the wifi interface. Add python interface to configure and read analog inputs (on NEMA X4) 82001536_B1 (2.6.3.8) - November 29, 2007 ENHANCEMENTS: None. BUG FIXES: Enable CTS Errata fix to address quicker hardware flow control issues. May see double characters if this is not enabled. 82001536_B (2.6.3.6) - November 8, 2007 ENHANCEMENTS: Add support for TKIP+AES and PCIe LED support in the Wi-Wave -- requires FPGA version 3.04 or later BUG FIXES: Fix issue with stdio holding onto pointers to invalid data. Add SIM PIN retry mechanism to account for slow module access to SIM. Fix missing MEI serial port initialization. 82001536_A1 (2.6.3.5) - October 16, 2007 ENHANCEMENTS: Add support for displaying SIM status as text in addition to the numerical status value. Enable the watchdog code to allow Python to maintain the watchdog so that if a python script that should be working with the watchdog fails, the unit is reset. Added "onexit" parameter to the "set python" cil command. Add support for CLI command access through Python scripts. Improve the ability of SureLink feature to do a DNS lookup when no DNS names were retrieved from the network (use static DNS names instead). BUG FIXES: Fix Cellular Data Only mode initialization where a different cellular provider was selected. Fix a bug where the zigbee socket layer would cause a "hang". Fix a bug where USB Transport Descriptors were leaking from the Sierra Wireless driver. Fix a bug where the flash filesystem could cause the unit to reference a memory structure that had been freed which resulted in heap corruption. 82001536_A (2.6.3.3) - September 27, 2007 Initial release.