RSA-Series v2 Firmware release notes

Notes:

  1. These release notes apply to all models of the RSA-series.

  2. V2.x firmware versions contain PHY software for both ADSL Annex A and Annex B.

  3. When upgrading from RSA-4122(W) version 1 software to version 2 software, the settings of
    the version 1 software will not be used (but will remain stored).
    After updating from v1 to v2 software, a new configuration will have to be made, which means
    that you cannot do the upgrade from a remote location over any of the WAN ports.


Version 2.1-3694
(release date: July 9, 2018)

Changes

  • Changed log level of certain TR-069 log messages.
  • Changed log level of certain RADIUS log messages.
  • Disabled sending of IXagent keys via TR-069.

  • Bug fixes

  • Fixed bug in syslog when hostname string (device name) contains a '%' character.
  • Fixed timeout for TR-069 initiated download of firmware file via slow links.
  • Fixed DHCP server operation on multiple LANs. DHCP services now run indepently from each other.



  • Version 2.1-3675
    (release date: June 26, 2018)

    New features

  • Added automatic loading of the custom default configuration or "pre-provisioning" file from a USB drive
       in one of the USB ports (RSA-4122/4222 only).
  • Added upload of custom default configuration or "pre-provisioning" from script via HTTP(s) POST.   
  • Added dbctl options to download firmware from remote site.
  • Added execution of shell commands via http(s).
  • Added 'L2 bridged mode' to GRE tunnels.
  • Added SNMP OIDs and traps for serial Gateway status.
  • Added reset to custom defaults via a "press and hold" of the reset button.

  • Changes

  • Changed behaviour of reset to factory defaults via a "press and hold" of the reset button.
  • Changed timing and procedure of SIM card detection to support older (slow) SIM cards.
  • Changed firewall IP filtering setup to prevent accidental creation of a rule to allow access from all IP
       addresses to all TCP ports.
  • Changed DNS lookup for access to TR-069 ACS.
  • Changed timing in system manager code to reduce CPU load.
  • IXagent subscription information is now stored in the regular settings file so it can
       be saved by means of downloading the "configuration with private info".
  • Blocked output of private data when using dbctl shell commands.

  • Bug fixes

  • Fixed bug that made RSA-4122(W) to reset when Ethernet port 1 was disconnected directly
       after uploading firmware containing new reset controller code. 
  • Fixed bug that caused failed login of newly created users with SSH key.
  • Fixed use of 'dbctl' shell command in web terminal.
  • Fixed SNMP OID for reading serial port DTR status.
  • Fixed system temperature readout. On rare occasions the System temperature readout
       was not displayed.
  • Fixed setting DNS and Gateway address when only LAN interfaces and no WAN interfaces
       are configured.
  • Fixed encoding of special characters in TR-069 SOAP messages.





  • Version 2.1-3578
    (release date: April 16, 2018)

    New features

  • Added routing table to TR-069 CWMP MuLogic branch.
  • Added user name to 'Configuration changed' alert messages.
  • Added button in web interface for creating 'Custom defaults' file.
  • Added button in web interface for 'Restore custom default configuration'.

  • Changes

  • Changed behaviour when clicking 'Restore factory default configuration': now all configuration files and
       user-made scripts will be deleted, similar to factory reset by keeping the reset button pressed.
  • DTR control of serial port gateway TCP client now is configurable as option.
  • Changed routing table in web interface. Now the type of routing protocol (RIP, OSPF or BGP) is shown.
  • Moved storage of 'Software image url' to another location in the database. URLs will have to be entered again.
  • Added BPG status and bgpd debug output.

  • Bug fixes

  • Fixed Odd and Even parity setting of serial ports.
  • Fixed long delay when opening 'Management>system time' web page.
  • Fixed timeout when reading 'CurrentGateway' via TR-069 for the 1st time after reboot.
  • Fixed unintended 60 seconds delay when changing configuration of serial ports.



  • Version 2.1-3536
    (release date: April 4, 2018)

    New features

  • Added Role based access control for users authenticated via RADIUS (for HTTP/HTTPS and SSH shell access).
       All roles can be assigned through the vendor specific "MuLogic-Login-Role" attribute. The RFC 2865 Service-Type attribute
       supports the roles of "Administrator" (value 6) and "Operator" (value 7).
  • Added "Web administrator" user role. This role offers all permissions of "Administrator" except for shell command access.
  • Added "Updater" user role. This role only offers permission to update firmware and view the Device info summary.
  • Added "Logged-in users" to Device info web pages and "who" command to the shell interface.
  • Added TR-069 CPE WAN Management Protocol (CWMP) for remote device management.
  • Added web view (last entry on top) and raw file output of Account log.
  • Added page for setting system temperature threshold for alerting.
  • Added alert messaging of system temperature above threshold.
  • Added alert messaging of configuration changes.
  • Added SNMP OID with MD5 hash of configuration file.
  • Added "ANY" to protocol selection of IP filtering in firewall.
  • Added support for static routes over (point-to-point) network devices.
  • Added handling of custom default or "pre-provisioning" configuration file.
  • Added BGP routing protocol (Note: software with this feature is available on demand).
  • Added IXagent for cloud access via IXplatform (Note: software with this feature is available on demand).

  • Changes

  • Updated Annex A and Annex B PHY software for RSA units with VDSL2 support.
  • Updated routing daemon software for RIP and OSPF.
  • Increased timeout of "network ping-check" from 0.5 seconds to 1.2 seconds.
  • Removed IP port range restriction for serial gateways.
  • Changed boot reason to "Watchdog timeout" upon reboot after watchdog time out.
  • The saved file "configuration without private info" no longer contains user names and key files. After loading this file, the
       default admin password will apply and the factory default "test certificate" is used for https.
  • Changed download file name for settings with private data to "backupsettings-priv.xml".
  • Changed formatting of file for account log download to facilitate text editors like Wordpad.
  • Increased maximum length of host names for Watchdog Network check to 128 characters.
  • IPsec key manager is disabled completely when no IPsec profile is enabled.
  • Various text changes and additions of information in web pages.

  • Bug Fixes

  • Fixed ospfd SEGFAULT message when OSPF operation is disabled.
  • Fixed reporting of line attenuation in ADSL Annex B mode of ADSL/VDSL2 models.
  • Fixed RADIUS authentication for SSH login.
  • Fixed VPN LED behaviour when openvpn tunnels go down. Now the alert manager is triggered and the VPN LED turns off.
  • Fixed support for HTTPS certificates without a trailing newline.
  • Fixed HTTPS mode for firmware download from remote web server. Note: a root CA (public key) of the remote server must
       be added to the list of CA certificates.
  • Removed "X-Frame-Options: SAMEORIGIN" header from HTML pages. This gave problems when showing the Web interface
       in an I-frame.



  • Version 2.1-3258
    (release date: December 12, 2017)

    New features

  • Watchdog Network check now also supports host names besides IP addresses.
  • Added description and enable check box to static routes setup.
  • Added support for Broadcom-based ADSL DSLAMs with 'Nitro' mode (ATM compression) enabled.

  • Changes

  • Changed behaviour when uploading wrong file type (or empty file) as configuration file.
  • Changed order of presentation of SNMPv3 Auth and Privacy settings in web interface.
  • The error message when adding ADSL interfaces with duplicate VPI/VCI now appears when
       the interface is enabled instead of when created. Now multiple (disbled) DSL interfaces
       with the same VPI/VCI can be stored.



  • Version 2.1-3230
    (release date: November 23, 2017)

    New features

  • The URL for firmware update from remote server in the web interface is now stored after
       having been used. It will be changed by writing new URL.
  • Added means to store pre-provisioning configuration. This configuration is not deleted
       at a "factory defaults reset" via Web interface, command line or TR-069 RPC.
       Note that this configuration is deleted on resetting to factory defaults by means of
       keeping the reset button pressed.
  • The URL for firmware update from remote server in the web interface is now stored after
       having been used. It will be changed by writing new URL.

  • Changes

  • Relaxed the communication timeout while uploading firmware images.
  • Updated web server software to add latest security improvements.
  • Added to some security related HTTP headers.
  • Improved firmware upload while low memory available.
  • In ADSL Bridge mode, now both untagged ATM interface and VLAN tagged ATM
       interface are add to the LAN bridge. This allows for using either untagged
       or tagged VLAN over ATM without changing configuration.
  • Improved behaviour of WWAN interface on change or forced refresh of IP address.
       On some mobile networks the WWAN link fell back from 4G to 3G on change of
       IP address.

  • Bug fixes

  • Fixed problem with connecting to certain SMTP servers for email alerts.
  • Fixed usage of "Domain" option in DHCP server mode.
  • Fixed re-initialisation of static routes when WAN interface changes (manual or fail-over)
  • Fixed OpenVPN P2P TCP-server mode.



  • Version 2.1-3142
    (release date: Oktober 4, 2017)

    New features

  • Added Local ID to IPsec IKE configuration when using certificates for authentication..
  • Added Ethernet port control (enable/disable) via SNMP (MIB2 IfAdminStatus).
  • Added readout of Ethernet attached MAC addresses via SNMP (parts of Bridge-MIB).
  • Added warning message when too big firmware images are uploaded.
  • Added WAN interfaces to interface lists of RIP and OSPF setup.
  • Added support for new revision of Cinterion 2/3G modules.
  • Added internal hardware integrity check.

  • Changes

  • Ethernet device status is shown as 'disabled' instead of 'down' when disabled.
  • Changed log level of DHCP and WWAN connect events. 
  • Removed reference to "USB syslog" on hardware versions without USB ports.
  • Removed /netmask from WAN adresses in e-mail and SMS alerts.

  • Bug fixes

  • Fixed accidental "return to factory settings" on power surge or static discharge.
  • Fixed reconnect of DSL link after both short and long line interruptions.
  • Fixed temporarily loss of connection of DHCP enabled WAN ports on DHCP renew.
       DHCP renews are ignored when the IP address has not changed.



  • Version 2.1-2980
    (release date: June 12, 2017)

    New features

  • Added field in WWAN setup page to enter PUK code in case of blocked SIM card
       after 3 consecutive activations with wrong PIN code.
  • Added Enable/disable checkmarks for SNMP-invoked firmware and config file
       download from remote server.

  • Changes

  • Added hardware revision number (Rev1.3) for new RSA-M1 main boards with 16MB flash.
  • Changed "Management>Services" menu: added submenus for HTTP, SNMP and Shell.
  • Improved firmware update procedure to allow updates on systems with low memory.
  • Removed reference to "USB syslog" on hardware versions without USB ports.

  • Bug fixes

  • Fixed bug that caused firewall updates to fail when starting IPsec profiles with missing
       "Remote network" entry.
  • Switched SNMP OID's vpnTunAdminStatus and vpnTunOperStatus objects to match the
       MIB definition.


  • Version 2.1-2958
    (release date: May 29, 2017)

    New features

  • Ethernet WAN port in DHCP mode will have IP address 192.0.2.1 until valid
       DHCP lease is obtained.
  • Added SNMP-invoked config download from remote server.

  • Changes

  • Added extra debounce for contact input sensor.
  • Added Request ID (reqid) to IPsec status overview.
  • When an Ethernet port is configured as WAN port this WAN port will become
       active immediately (in DHCP client mode with default IP address 192.0.2.1).
  • DHCP host name of EthWAN port is product name by default or System name
       when configured.

  • Bug fixes

  • Fixed automatic cert name generation after loading CA cert via SCEP.
  • Fixed showing DHCP lease info of DHCP clients without host name.
  • Fixed WWAN connection monitoring of 4G (W4) versions.


  • Version 2.1-2926
    (release date: May 2, 2017)

    New features

  • Added IPsec failover to multiple remote peers in a single profile. Multiple peer addresses can be
       added (comma separated) in the peer address field. The first entered address is tried first. If
       connection fails, then the next entered address is tried, etc.
  • Added priority for IPsec profiles with equal crypto and Phase2/Child-SA configuration to different
       peer addresses. This can be used for IPsec failover operation by using two profiles. The remote
       peers must be individual IPsec devices. If the remote peer is a single device that can be accessed
       via different IP addresses, then the priority must be equal or left at 0. The lowest number stands
       for the highest priority. If the priority is equal, then the last established IPsec tunnel will be the
       active one. If the priority value is 0 then the priority is calculated automatically by the system.
  • Enabled IPsec IKEv2 MOBIKE operation for rapid handover of IPsec tunnels in case of a local WAN
       port change caused by a WAN failover action. In IKEv1 mode or when IKEv2 MOBIKE is disabled,
       all IPsec tunnels will be restarted on a WAN failover action.
  • Added generation of private Key and Certificate Signing Request for local certificates.
  • Added online certificate enrollment by means of SCEP.
  • Added online CA certificate retrieval by means of SCEP.



  • Version 2.1-2889
    (release date: March 28, 2017)

    New features

  • Added alerts (SNMP-trap, email, SMS) for failed authentication.
  • Added automatic detection of PPPoE over untagged or VLAN tagged ATM channel.

  • Changes

  • Added filtering to prevent data to remote networks over IPsec tunnels to be routed to the WAN
       port when the IPsec tunnel is down or reauthenticating in IKEv2 mode. This prevents loss of
       TCP/IP connections during IKEv2 reauthentication.
  • Added "empty" rc.local and firewall.post scripts.
  • User names for HTTP(s) access are now limited to 32 characters to prevent syslog cluttering with
       oversized user names.
  • Changed setup of WWAN data connections to speed up "on demand" mode for failover operation.
  • Updated RSA-series SNMP MIB with reference to Authentication failure (loginFailure) trap.
  • Added configurable IPv6 enable/disable. IPv6 is now disabled by default until needed.

  • Bug fixes

  • Fixed status messages in WWAN setup menu.
  • Fixed WWAN lockup caused by temporary loss of Mobile Network service. 



  • Version 2.1-2860
    (release date: March 14, 2017)

    New features

  • Added "Source address rewriting" to Port Forwarding. This allows access to devices in a LAN
       without the need for these devices to set the router's address as gateway.
  • Added means to disable "reauthentication" for IKEv2 mode of IPsec and do "rekeying" instead.

  • Changes

  • Changed type of internal interface for LTE (W4) versions of WWAN routers.
  • Improved data througput in 4G/LTE wwan mode.

  • Bug fixes

  • Fixed activation of configured default route and static routes after reboot.
  • Fixed immediate loading of CA certificates for IPsec without the need of a reboot. 

  • Known issues

  • Status messages in WWAN setup menu may falsely indicate "Initializing" and "Connecting".
       This will be fixed in the next release.



  • Version 2.1-2806
    (release date: February 6, 2017)

    New features

  • Added facilities for /config/firewall.post (iptables) script which gets executed each time the
       system reconfigures the firewall. This can be used to add firewall (iptables) rules that are
       not supported by the regular user interface. Contact MuLogic for additional information.

  • Changes

  • Changed internal handling of rows in tables of the settings database. Now a row added to
       an empty table will always start with index 1 and and added rows will start at the lowest
       available index number. This is done for clarity in using the dbctl shell command.
  • The kernel routing cache now is flushed actively on changes in the routing table like during
       WAN failover and network checks.
  • WWAN data limits and counters now only can be changed or reset by users with Admin role.

  • Known issues

  • Manually configured default route and static routes are not activated properly after reboot.
       This will be fixed in the next release.



  • Version 2.1-2796
    (release date: January 30, 2017)

    Changes

  • Changed behaviour when removing (default) 'Admin' account. Now when there is another user
       with 'admin' role, no new (default) account will be made for username 'admin'. When there is
       no other user with 'admin' role, a default account will be made with for username 'admin'.

  • Bug fixes

  • Swapped RxD and TxD LEDs on RSA-1x20D versions.
  • Fixed wrong system temperature reading on RSA-4x22 units with Rev2.0 Add-on board.
  • Fixed inadvertent error messages when adding or deleting users.



  • Version 2.1-2784
    (release date: January 23, 2017)

    New features

  • Added automatic detection of other DHCP servers in the connected LAN to avoid DHCP server conflict.
       When enabled, and other DHCP servers are found, the local DHCP server will be disabled automatically.
  • Added "Enable" checkmarks for controlling Static NAT (Port forwarding) rules.

  • Changes

  • Moved position of Certificates menu from "Setup" to "Management" in web interface.
  • Moved position of "Manage users" and "Services" directly under "Management" in web interface.
  • Improved throughput of "W4" (4G/3G/2G) WWAN devices.
  • Enabled multicast traffic type on GRE tunnels for RIP operation.
  • Allow for changing remote syslog server without having to disable/enable first.
  • Changed display of contact-out status to reflex the actual state instead of the set state.
  • Added additional WWAN modem status information.
  • Various text changes in web interface.

  • Bug fixes

  • Fix for proper IPsec IKEv2-SA rekeying with older Cisco ASA firmware. (bug in ASA software).
  • Fixed handling of X.509 certificates with "non printable" characters in T61 instead of UTF-8 format.
  • Fixed bug in IPsec IKE exchange with PSK when changing from specified Remote Identifier to "any" Remote identifier.
  • Fixed lock-up in System Alerts when too many alerts are generated in a short time.
  • Fixed saving the contact output state in flash.
  • Fixed bug in dbctl command when changing the value of some objects.
  • Fixed automatic reconnect when manually changing WWAN access (2G/3G/4G) mode.



  • Version 2.1-2736
    (release date: December 14, 2016)

    New features

  • Added SNMP OIDs for serial gateways and xDSL.

  • Changes

  • Changed SMS and email alert message content.

  • Bug fixes

  • Fixed ping and traceroute tool in web interface for working with hostnames.
  • Fixed stacktrace when accessing WWAN SNMP OIDs on units without WWAN.



  • Version 2.1-2705
    (release date: November 28, 2016)

    New features

    Changes

    Bug fixes

  • Fixed unnecessary RADIUS authentication attempts for SSH when RADIUS is disabled.
  • Fixed plotting of xDSL "Bins" graph for plots with high value of Bins.
  • Fixed incidental loss of IPsec tunnel information.
  • Fixed memory leak when retrieving IPsec tunnel information.



  • Version 2.1-2686
    (release date: November 16, 2016)

    New features

    Changes

    Bug fixes


    Version 2.0-2434
    (release date: July 12, 2016)

    Changes

    Bug fixes




    Version 2.0-2411
    (release date: June 27, 2016)

    Changes

    Bug fixes


    Version 2.0-2386
    (release date: June 20, 2016)

    Changes


    Version 2.0-2364
    (release date: June 14, 2016)

    Changes

    Bug fixes


    Version 2.0-2345
    (release date: June 6, 2016)

    Changes

    Bug fixes


    Version 2.0-2324
    (release date: May 30, 2016)

    New features

    Changes


    Version 2.0-2296
    (release date: May 24, 2016)

    New features

    Changes

    Bug fixes


    Version 2.0-2272
    (release date: May 2, 2016)

    New features

    Changes

    Bug fixes


    Version 2.0-2242
    (release date: April 19, 2016)

    New features

    Changes

    Bug fixes



    Version 2.0-2204
    (release date: March 30, 2016)

    New features

    Changes

    Bug fixes


    Version 2.0-2184
    (release date: Feb 28, 2016)