RSA-Series Version 2 software Release Notes
Notes and warnings:1. These release notes apply to all models of the RSA-series.
2. V2.x firmware versions contain PHY software for both ADSL Annex A and Annex B.
3. Warning: Firmware versions up to 2.1-4075 cannot be used for units equipped with "W4" WWAN
modules that have firmware version 04.004 and newer. Please check for the WWAN firmware
version of the "W4" models before rolling back to older RSA-series firmware versions.
4. Warning: For firmware versions up to V2.1-4138: Do not leave the WWAN interface enabled for a
prolonged period of time (months/years) when no SIM card is inserted or when the WWAN
port is not used.
5. Software versions with support of the BGP routing protocol and a version with BGP plus support of the
IXagent for cloud access, are available on request.
6. Warning: the standard version 2.1-4398 firmware will not fit in older units with 8MB flash.
When loading this file you will be notified.
For these units use version 2.1-4398.2 (without OSPF support)
(release date: November 30, 2020)
Removed OSPF feature to create firmware file that will fit in units with 8MB flash.
(release date: November 24, 2020)
Updated OpenSSL toolkit and library.
Fixed WWAN RSSI, RSCP and Ec/No reporting in W3 models while transferring data.
Note: the standard version 2.1-4398 firmware will not fit in units with 8MB flash.
When loading this file you will be notified.
For these units use version 2.1-4398.2 (without OSPF support)
(release date: October 30, 2020)
Improved IPsec tunnel failover when X.509 certificates with keys bigger than 2048 bits are used.
Removed Ethernet port re-initialisation upon connecting to the port. Applied patches to PPP daemon to remove EAP vulnerability (CVE-2020-8597). Improved file (firmware and settings) upload procedure.
Corrected order of username/password for WWAN authentication on RSA-1020DW1. Fixed lookup of 2nd DNS address when the 1st DNS address does not respond. Fixed fenomenon of duplicate packets on Ethernet LAN interfaces.
Version 2.1-4348.2 for RSA-1020DW1
(release date: February 12, 2020)
Corrected order of username/password for WWAN authentication.
(release date: October 30, 2019)
All "W1" versions like the RSA-1020DW1 and RSA-4222W1 have an error in the WWAN
authentication setup, which results in the Username and Password being reversed.
This applies to all firmware versions with support for the "W1" versions.
Note that this issue does not apply to the "W3" and "W4" versions.
In cases where authentication is needed (very often not), please write the password
at "Username" and the username at "Password" or update the firmware with the dedicated
"W1" versions. A patched version 2.1-4348 for the RSA-1020DW1 is available for download.
When the 1st of the two ISP-provided DNS servers fails to respond, the 2nd address is not
tried and DNS lookup fails.
Added configurable Global settings for IPsec operation.
IPsec NAT KeepAlive Interval now is configurable in IPsec global settings.
Automatic route installation for reaching the unit via an IPsec tunnel, now
can be disabled/enabled in IPsec global settings.
Added option in IPsec global settings for IKEv2 "make before break" of IKE SAs
on reauthentication of the IKE SA.
Added "Ignore routing tables" in IPsec global settings. This feature can be
used for resolving IPsec source peer address issues in WAN failover operation
when multiple routing tables are configured.
Added "Exclude networks" in IPsec global settings. This feature can be used
for excluding local networks so that the local LAN interface can still be
reached when a (policy based) IPsec tunnel with 0.0.0.0/0 as remote subnet
Added list of available network devices (interfaces) for selection of gateway
for Static routes setup.
Added selection of digest algorithms for Certificate Signing Requests.
All boot log messages at startup are now also written to USB syslog file.
Added Redistribution options to BGP routing setup.
Comma separated lists, as used in IPsec and OpenVPN setup, have been replaced
with individual network boxes that can be added or deleted by clicking + or - signs.
Changed formatting of multiple subnets in IPsec profile overview and IPsec
connection state overview.
IPsec tunnel connection details page now falls back to overview page on expiry
of SAs or termination of the tunnel, instead of showing a blank page.
Clarified configuration of "local loopback interface" in IPsec Phase2/Child-SA
All reset/reboot events now are started with a short power-down of the unit.
Added additional clarifications and various text changes in Web interface.
Changed timing of starting various system processes after startup.
Changed startup sequence of WWAN module to in order to reduce startup time.
When the WWAN interface is enabled while no SIM card is inserted, the retry
period is now limited to 45 minutes. This prevents the WWAN modem from becoming
damaged after several months or years because of the continuous restarts.
Removed unnecessary RADIUS lookup when local users are deleted from the list.
Disabled TLSv1, 3DES and other deprecated ciphers and protocols for HTTPs.
Changed Diffie-Hellman group for PFS in HTTPs from 1024 to 2048-bit.
Added "All" (all packets will be forwarded, no matter the protocol) and "Other"
(for manually entering a protocol number) to protocol selection of Static NAT
Fixed problems with detecting WWAN module after returning to factory defaults.
Fixed wrong firewall configuration when, in a Static NAT (port forward) rule, no
destination address is entered.
Fixed restart of IPsec tunnel upon change in connection profile without disabling
and enabling the tunnel.
Fixed the removal of users where the user name consists of numbers only.
Removed superfluous RTSP conntrack module. This solves crash/reboot issues when
certain IP cameras are connected to the LAN ports.
Changed naming of '2g', '3g' and '4g' bands into 'bands-2g', 'bands-2g' and 'bands-4g'
in configuration file in order to adhere to the general XML rules.
Fixed setting priority in IPsec tunnel profile setup.
Fixed data rate setting of serial RS232 port in CLI mode.
(release date: June 20, 2019)
After a factory defaults reset of the settings, it may take several minutes before the WWAN
module is detected, or the module may not become detected at all. Completely powering down
the unit (removing the power) will help in most cases. Another way is loading a configuration
file that already contains settings for the WWAN module. This issue will be resolved in the
next software release.
When the WWAN interface is enabled, but no SIM card is inserted, the software will retry
forever by continuously restarting the WWAN modem. On the long run (several months or
years) this might damage the WWAN modem. In the next software release the amount of
restarts will be limited. Do not leave the WWAN interface enabled when not used.
Support for new PLS8-E WWAN modules in "W4" versions. These modules have firmware
version 04.004. RSA-series firmware versions 2.1-4075 and before cannot be used in
combination with these modules.
Fixed use of multiple address/names in OpenVPN "Remote peer address" field.
Flushing the IP Conntrack table after wan failover is now postponed until after the iptables
update. This fixes some corner cases when changing over from one WAN interface to the
other during WAN fail-over operation.
(release date: May 16, 2019)
The flushing of the IP conntrack table upon WAN failover is not always carried out at the
correct moment. This will be fixed in the next release.
The OpenVPN 'Remote peer address' field can contain only one name or address where
entering multiple names or addresses should be possible. This will be fixed in the next release.
Number of LAN bridges changed from max. 4 to max. 6.
Added full read and write access to the settings data base via SNMP.
SNMP mib can now be downloaded from the Management>Access services>SNMP page.
Added API for reading/writing multiple settings in the settings data base in one HTTP post.
Added SNMP OIDs to read IP address of each WAN interface persisten to the same OID.
Added data logging functionality for IXagent.
Incoming traffic for port forwarding is now, by default, limited to the IP address of the active
WAN interface, instead of 0.0.0.0/0. This allows for traffic destined for the WAN address of
the router to be distinguished from traffic that is routed to another destination address.
Updated IKEv1/IKEv2 key manager for IPsec (multiple fixes and security updates).
Added support for the new WWAN modem module for the "W1" versions (2G, 3G, 4G LTE Cat.1)
The "W1" versions can be used world wide but support LTE Cat.1 (10.2/5.2 Mbit/s) instead of
LTE Cat.3 (100/50 Mbit/s) of the "W4" versions.
Changed selection of WWAN radio bands. Note that, after loading this firmware version, all bands
will be enabled again. This change supports all bands of the W3, W4, W4U and W1 versions of
WWAN port. Now all bands for 2G, 3G or 4G can be enabled/disabled by clicking a single check
mark or setting a single parameter in the settings database.
Changed threshold level for power brown-out detection. This reduces the chance of a restart
of the unit when a bad (or no) antenna is connected while in 2G WWAN mode.
Alert emails are now encoded in UTF-8.
EthWAN interface is now declared down immediately when Ethernet cable is disconnected.
Changes in HTTP authentication and other for changes to speed up TR069 transactions.
The signal level indication (RSSI) in 3G mode now reflects the total received signal power to line
up with the level indication in 2G and 4G modes. The (more relevant) received signal power from
the actual connected base station are the "RSCP" in 3G modes and the "RSRP" in 4G modes.
The IP conntrack table now is flushed only upon WAN failover.
The 'Remote peer address' field in the OpenVPN setup page is now always shown, instead of
hidden when in P2P TCP server mode.
Fixed using different pre-shared keys without using local en remote identifiers in IKEv1
PSK mode with multiple tunnels.
Fixed reading filenames with spaces when loading custom defaults files from USB drives.
Fixed DNS proxy so that lookups at external DNS servers are not intercepted.
Corrected TR069 state after a transaction is completed.
Increased "safety time" to allow more time for large files to be written into flash memory
(release date: December 5, 2018)
TR069 inform retries are now scheduled according the intervals as described in TR069 amendment 6,
instead of every 60 seconds.
Alerts (email, SMS) now use the WAN "interface name" instead of the generated "linkname". The Progress bars in the Web GUI now better reflect the reboot time, and flash time plus boot time.
Fixed watchdog check functions for "Network", "SNMP", "DSL" and "HTTP". Fixed RFC 4638 operation (MTU 1500 for PPPoE) in ADSL/ATM mode. Changed sending "1 BOOT" event type in TR069 informs after a failed connection to "2 PERIODIC".
When booting from a custom configuration file, the MuLogic test certificates are no longer forced.
(release date: October 30, 2018)
The watchdog check functions for "Network", "SNMP", "DSL" anf "HTTP" do not work in this version. RFC 4638 (MTU 1500 for PPPoE) does not work in ADSL/ATM mode. In TR069 a "1 BOOT" event is sent after a failed connect to the ACS. This should be a "2 PERIODIC". Certificates with index number 1 (id="1") in the custom configuration file will be overwritten with the
MuLogic Test certificates at boot time. The index numbers for certificates in the custom configuration
file must be set to 2 (id="2") and higher. The MuLogic test certificates (local and CA) will remain present
until deleted from a running system.
All these issues will be resolved in the next release.
Added support of RFC 4638 for accommodating an MTU/MRU of 1500 (instead of max 1492) for PPPoE
links. The ISP's BRAS and network should support this feature as well in order for it it work.
The firewall.post script now gets passed the WAN_INTERFACE environment variable which holds the
ifname of the current active WAN interface.
Replaced ping from busybox for ping from iputils. The ping command now has all features as known on regular
Changed default MTU for WWAN ppp connections (as used for the 2G/3G PH8 module) from 1400 to 1500. The MTU now can also be set for WWAN USB connections (as used on the 2G/3G/4G PLS8 and PLS62 modules)
MTU was previously fixed to 1500. For regular operation the MTU should be 1500. Make sure that the value
of 1500 is entered in the setup.
Fixed bug in WAN failover monitor. See "Known issues" of version 2.1-3848. Fixed SNMP (MIB-2) iftable.ifAdminStatus. Now all objects (interfaces) are supported again. Note that only
the settings of Ethernet ports Eth0-Eth3 are stored in the settings database. Also the other interfaces can
be controlled by means of an SNMP-set in iftable.ifAdminStatus, but these settings are not stored.
(release date: October 22, 2018)
In WAN failover: when "ping address 1" responds but "ping address 2" fails to respond, then the
WAN interface will be treated as "down" and the WAN interface with the lower priority will be used.
This is incorrect. The WAN interface should be declared "Up" when either the "ping address 1" or
"ping address 2" responds. This will be corrected in a new release as soon as possible.
Added support for boot.post script. This script is executed once after system initialization. The boot.post and firewall.post scripts are now stored in the settings database and can be created,
written, read, and tested via the web interface and shell.
Added 'fwtest' shell command for manually restarting (updating) the firewall. This command (equal
to the 'Test Script' button in the web interface) can be used for testing the firewall.post script.
Added download to RSA unit of boot.post script and firewall.post script via TR-069 CWMP. Added registers for use in boot.post and firewall.post scripts in settings database. These registers
can be created, written and read via the web interface, shell, and TR-069 CWMP.
Firewall forwarding filter rules in settings database, web interface and via TR-069.
When enabled without additional accept rules, no data will pass the router regardless of passing via
NAT routing, port forwarding, VPN tunnels or straight IP routing. Forwarding filtering is disabled by default.
Added Traffic Control (tc). The settings for tc must be made via the firewall.post script. Added automatic generation of XML Schema Definition file for validation of configuration files. Added WWAN status information to database. This info can now be read via TR-069 CWMP and dbctl. Added data counters of interfaces to database. This info can now be read via TR-069 CWMP and dbctl. Added command-line completion for dbctl commands.
A newly created firewall input rule now is disabled by default. This is to prevent an "accept TCP
all-to-all" firewall input rule from being created directly upon adding a new row (object) via TR-069 or dbctl.
Changed behaviour on creation of an "accept TCP all-to-all" firewall input rule via the web interface.
All newly created rules are now disabled by default.
When no "Ping Addresses" are entered for WAN failover or when these addresses are deleted, the interface
will not be disabled any more. Failover will not work, however, when the ping addresses are missing.
The checkmark for "Load custom settings from USB flash drive" is now visible in the web interface for RSA
models with USB support.
Changed retry of TR-069 response messages to 3 times with 1 second delay. Improved XML validation of uploaded configuration file. Changed procedure for restoring factory defaults or custom defaults by means of the reset button.
Fixed restart of OpenVPN tunnels after WAN fail-over. Fixed readout of xDSL Output power when values (in dBm) are negative. Fixed timeout in TR-069 response on adding or removing static route objects. Fixed several issues in TR-069 getParameterValues response.
(release date: July 9, 2018)
Changed log level of certain TR-069 log messages. Changed log level of certain RADIUS log messages. Disabled sending of IXagent keys via TR-069.
Fixed bug in syslog when hostname string (device name) contains a '%' character. Fixed timeout for TR-069 initiated download of firmware file via slow links. Fixed DHCP server operation on multiple LANs. DHCP services now run indepently from each other.
(release date: June 26, 2018)
Added automatic loading of the custom default configuration or "pre-provisioning" file from a USB drive
in one of the USB ports (RSA-4122/4222 only).
Added upload of custom default configuration or "pre-provisioning" from script via HTTP(s) POST.
Added dbctl options to download firmware from remote site. Added execution of shell commands via http(s). Added 'L2 bridged mode' to GRE tunnels. Added SNMP OIDs and traps for serial Gateway status. Added reset to custom defaults via a "press and hold" of the reset button.
Changed behaviour of reset to factory defaults via a "press and hold" of the reset button. Changed timing and procedure of SIM card detection to support older (slow) SIM cards.
Changed firewall IP filtering setup to prevent accidental creation of a rule to allow access from all IP
addresses to all TCP ports.
Changed DNS lookup for access to TR-069 ACS. Changed timing in system manager code to reduce CPU load.
IXagent subscription information is now stored in the regular settings file so it can
be saved by means of downloading the "configuration with private info".
Blocked output of private data when using dbctl shell commands. Changed handling of datastream for TCP to serial port conversion to avoid data loss in large
blocks of data.
Fixed bug that made RSA-4122(W) to reset when Ethernet port 1 was disconnected directly
after uploading firmware containing new reset controller code.
Fixed bug that caused failed login of newly created users with SSH key. Fixed use of 'dbctl' shell command in web terminal. Fixed SNMP OID for reading serial port DTR status. Fixed system temperature readout. On rare occasions the System temperature readout
was not displayed.
Fixed setting DNS and Gateway address when only LAN interfaces and no WAN interfaces
Fixed encoding of special characters in TR-069 SOAP messages.
(release date: April 16, 2018)
Added routing table to TR-069 CWMP MuLogic branch.
Added user name to 'Configuration changed' alert messages. Added button in web interface for creating 'Custom defaults' file. Added button in web interface for 'Restore custom default configuration'.
Changed behaviour when clicking 'Restore factory default configuration': now all configuration files and
user-made scripts will be deleted, similar to factory reset by keeping the reset button pressed.
DTR control of serial port gateway TCP client now is configurable as option.
Changed routing table in web interface. Now the type of routing protocol (RIP, OSPF or BGP) is shown. Moved storage of 'Software image url' to another location in the database. URLs will have to be entered again. Added BPG status and bgpd debug output.
Fixed Odd and Even parity setting of serial ports. Fixed long delay when opening 'Management>system time' web page. Fixed timeout when reading 'CurrentGateway' via TR-069 for the 1st time after reboot. Fixed unintended 60 seconds delay when changing configuration of serial ports.
(release date: April 4, 2018)
Added Role based access control for users authenticated via RADIUS (for HTTP/HTTPS and SSH shell access).
All roles can be assigned through the vendor specific "MuLogic-Login-Role" attribute. The RFC 2865 Service-Type attribute
supports the roles of "Administrator" (value 6) and "Operator" (value 7).
Added "Web administrator" user role. This role offers all permissions of "Administrator" except for shell command access. Added "Updater" user role. This role only offers permission to update firmware and view the Device info summary. Added "Logged-in users" to Device info web pages and "who" command to the shell interface. Added TR-069 CPE WAN Management Protocol (CWMP) for remote device management. Added web view (last entry on top) and raw file output of Account log. Added page for setting system temperature threshold for alerting.
Added alert messaging of system temperature above threshold. Added alert messaging of configuration changes. Added SNMP OID with MD5 hash of configuration file. Added "ANY" to protocol selection of IP filtering in firewall. Added support for static routes over (point-to-point) network devices. Added handling of custom default or "pre-provisioning" configuration file.
Added BGP routing protocol (Note: software with this feature is available on demand). Added IXagent for cloud access via IXplatform (Note: software with this feature is available on demand).
Updated Annex A and Annex B PHY software for RSA units with VDSL2 support. Updated routing daemon software for RIP and OSPF. Increased timeout of "network ping-check" from 0.5 seconds to 1.2 seconds.
Removed IP port range restriction for serial gateways. Changed boot reason to "Watchdog timeout" upon reboot after watchdog time out. The saved file "configuration without private info" no longer contains user names and key files. After loading this file, the
default admin password will apply and the factory default "test certificate" is used for https.
Changed download file name for settings with private data to "backupsettings-priv.xml". Changed formatting of file for account log download to facilitate text editors like Wordpad. Increased maximum length of host names for Watchdog Network check to 128 characters. IPsec key manager is disabled completely when no IPsec profile is enabled. Various text changes and additions of information in web pages.
Fixed ospfd SEGFAULT message when OSPF operation is disabled. Fixed reporting of line attenuation in ADSL Annex B mode of ADSL/VDSL2 models.
Fixed RADIUS authentication for SSH login. Fixed VPN LED behaviour when openvpn tunnels go down. Now the alert manager is triggered and the VPN LED turns off. Fixed support for HTTPS certificates without a trailing newline. Fixed HTTPS mode for firmware download from remote web server. Note: a root CA (public key) of the remote server must
be added to the list of CA certificates.
Removed "X-Frame-Options: SAMEORIGIN" header from HTML pages. This gave problems when showing the Web interface
in an I-frame.
(release date: December 12, 2017)
Watchdog Network check now also supports host names besides IP addresses. Added description and enable check box to static routes setup. Added support for Broadcom-based ADSL DSLAMs with 'Nitro' mode (ATM compression) enabled.
Changed behaviour when uploading wrong file type (or empty file) as configuration file. Changed order of presentation of SNMPv3 Auth and Privacy settings in web interface. The error message when adding ADSL interfaces with duplicate VPI/VCI now appears when
the interface is enabled instead of when created. Now multiple (disbled) DSL interfaces
with the same VPI/VCI can be stored.
(release date: November 23, 2017)
The URL for firmware update from remote server in the web interface is now stored after
having been used. It will be changed by writing new URL.
Added means to store pre-provisioning configuration. This configuration is not deleted
at a "factory defaults reset" via Web interface, command line or TR-069 RPC.
Note that this configuration is deleted on resetting to factory defaults by means of
keeping the reset button pressed.
The URL for firmware update from remote server in the web interface is now stored after
having been used. It will be changed by writing new URL.
Relaxed the communication timeout while uploading firmware images. Updated web server software to add latest security improvements. Added to some security related HTTP headers. Improved firmware upload while low memory available. In ADSL Bridge mode, now both untagged ATM interface and VLAN tagged ATM
interface are add to the LAN bridge. This allows for using either untagged
or tagged VLAN over ATM without changing configuration.
Improved behaviour of WWAN interface on change or forced refresh of IP address.
On some mobile networks the WWAN link fell back from 4G to 3G on change of
Fixed problem with connecting to certain SMTP servers for email alerts. Fixed usage of "Domain" option in DHCP server mode. Fixed re-initialisation of static routes when WAN interface changes (manual or fail-over) Fixed OpenVPN P2P TCP-server mode.
(release date: Oktober 4, 2017)
Added Local ID to IPsec IKE configuration when using certificates for authentication..
Added Ethernet port control (enable/disable) via SNMP (MIB2 IfAdminStatus). Added readout of Ethernet attached MAC addresses via SNMP (parts of Bridge-MIB). Added warning message when too big firmware images are uploaded. Added WAN interfaces to interface lists of RIP and OSPF setup.
Added support for new revision of Cinterion 2/3G modules.
Added internal hardware integrity check.
Ethernet device status is shown as 'disabled' instead of 'down' when disabled. Changed log level of DHCP and WWAN connect events.
Removed reference to "USB syslog" on hardware versions without USB ports. Removed /netmask from WAN adresses in e-mail and SMS alerts.
Fixed accidental "return to factory settings" on power surge or static discharge. Fixed reconnect of DSL link after both short and long line interruptions. Fixed temporarily loss of connection of DHCP enabled WAN ports on DHCP renew.
DHCP renews are ignored when the IP address has not changed.
(release date: June 12, 2017)
Added field in WWAN setup page to enter PUK code in case of blocked SIM card
after 3 consecutive activations with wrong PIN code.
Added Enable/disable checkmarks for SNMP-invoked firmware and config file
download from remote server.
Added hardware revision number (Rev1.3) for new RSA-M1 main boards with 16MB flash. Changed "Management>Services" menu: added submenus for HTTP, SNMP and Shell.
Improved firmware update procedure to allow updates on systems with low memory.
Removed reference to "USB syslog" on hardware versions without USB ports.
Fixed bug that caused firewall updates to fail when starting IPsec profiles with missing
"Remote network" entry.
Switched SNMP OID's vpnTunAdminStatus and vpnTunOperStatus objects to match the
(release date: May 29, 2017)
Ethernet WAN port in DHCP mode will have IP address 192.0.2.1 until valid
DHCP lease is obtained.
Added SNMP-invoked config download from remote server.
Added extra debounce for contact input sensor. Added Request ID (reqid) to IPsec status overview. When an Ethernet port is configured as WAN port this WAN port will become
active immediately (in DHCP client mode with default IP address 192.0.2.1).
DHCP host name of EthWAN port is product name by default or System name
Fixed automatic cert name generation after loading CA cert via SCEP. Fixed showing DHCP lease info of DHCP clients without host name. Fixed WWAN connection monitoring of 4G (W4) versions.
(release date: May 2, 2017)
Added IPsec failover to multiple remote peers in a single profile. Multiple peer addresses can be
added (comma separated) in the peer address field. The first entered address is tried first. If
connection fails, then the next entered address is tried, etc.
Added priority for IPsec profiles with equal crypto and Phase2/Child-SA configuration to different
peer addresses. This can be used for IPsec failover operation by using two profiles. The remote
peers must be individual IPsec devices. If the remote peer is a single device that can be accessed
via different IP addresses, then the priority must be equal or left at 0. The lowest number stands
for the highest priority. If the priority is equal, then the last established IPsec tunnel will be the
active one. If the priority value is 0 then the priority is calculated automatically by the system.
Enabled IPsec IKEv2 MOBIKE operation for rapid handover of IPsec tunnels in case of a local WAN
port change caused by a WAN failover action. In IKEv1 mode or when IKEv2 MOBIKE is disabled,
all IPsec tunnels will be restarted on a WAN failover action.
Added generation of private Key and Certificate Signing Request for local certificates. Added online certificate enrollment by means of SCEP. Added online CA certificate retrieval by means of SCEP.
(release date: March 28, 2017)
Added alerts (SNMP-trap, email, SMS) for failed authentication. Added automatic detection of PPPoE over untagged or VLAN tagged ATM channel.
Added filtering to prevent data to remote networks over IPsec tunnels to be routed to the WAN
port when the IPsec tunnel is down or reauthenticating in IKEv2 mode. This prevents loss of
TCP/IP connections during IKEv2 reauthentication.
Added "empty" rc.local and firewall.post scripts. User names for HTTP(s) access are now limited to 32 characters to prevent syslog cluttering with
oversized user names.
Changed setup of WWAN data connections to speed up "on demand" mode for failover operation. Updated RSA-series SNMP MIB with reference to Authentication failure (loginFailure) trap. Added configurable IPv6 enable/disable. IPv6 is now disabled by default until needed.
Fixed status messages in WWAN setup menu. Fixed WWAN lockup caused by temporary loss of Mobile Network service.
(release date: March 14, 2017)
Added "Source address rewriting" to Port Forwarding. This allows access to devices in a LAN
without the need for these devices to set the router's address as gateway.
Added means to disable "reauthentication" for IKEv2 mode of IPsec and do "rekeying" instead.
Changed type of internal interface for LTE (W4) versions of WWAN routers. Improved data througput in 4G/LTE wwan mode.
Fixed activation of configured default route and static routes after reboot. Fixed immediate loading of CA certificates for IPsec without the need of a reboot.
Status messages in WWAN setup menu may falsely indicate "Initializing" and "Connecting".
This will be fixed in the next release.
(release date: February 6, 2017)
Added facilities for /config/firewall.post (iptables) script which gets executed each time the
system reconfigures the firewall. This can be used to add firewall (iptables) rules that are
not supported by the regular user interface. Contact MuLogic for additional information.
Changed internal handling of rows in tables of the settings database. Now a row added to
an empty table will always start with index 1 and and added rows will start at the lowest
available index number. This is done for clarity in using the dbctl shell command.
The kernel routing cache now is flushed actively on changes in the routing table like during
WAN failover and network checks.
WWAN data limits and counters now only can be changed or reset by users with Admin role.
Manually configured default route and static routes are not activated properly after reboot.
This will be fixed in the next release.
(release date: January 30, 2017)
Changed behaviour when removing (default) 'Admin' account. Now when there is another user
with 'admin' role, no new (default) account will be made for username 'admin'. When there is
no other user with 'admin' role, a default account will be made with for username 'admin'.
Swapped RxD and TxD LEDs on RSA-1x20D versions. Fixed wrong system temperature reading on RSA-4x22 units with Rev2.0 Add-on board. Fixed inadvertent error messages when adding or deleting users.
(release date: January 23, 2017)
Added automatic detection of other DHCP servers in the connected LAN to avoid DHCP server conflict.
When enabled, and other DHCP servers are found, the local DHCP server will be disabled automatically.
Added "Enable" checkmarks for controlling Static NAT (Port forwarding) rules.
Moved position of Certificates menu from "Setup" to "Management" in web interface. Moved position of "Manage users" and "Services" directly under "Management" in web interface. Improved throughput of "W4" (4G/3G/2G) WWAN devices. Enabled multicast traffic type on GRE tunnels for RIP operation. Allow for changing remote syslog server without having to disable/enable first. Changed display of contact-out status to reflex the actual state instead of the set state. Added additional WWAN modem status information. Various text changes in web interface.
Fix for proper IPsec IKEv2-SA rekeying with older Cisco ASA firmware. (bug in ASA software). Fixed handling of X.509 certificates with "non printable" characters in T61 instead of UTF-8 format. Fixed bug in IPsec IKE exchange with PSK when changing from specified Remote Identifier to "any" Remote identifier.
Fixed lock-up in System Alerts when too many alerts are generated in a short time. Fixed saving the contact output state in flash. Fixed bug in dbctl command when changing the value of some objects. Fixed automatic reconnect when manually changing WWAN access (2G/3G/4G) mode.
(release date: December 14, 2016)
Added SNMP OIDs for serial gateways and xDSL.
Changed SMS and email alert message content.
Fixed ping and traceroute tool in web interface for working with hostnames. Fixed stacktrace when accessing WWAN SNMP OIDs on units without WWAN.
(release date: November 28, 2016)
- Added SNMP OIDs for WWAN data usage and data limit.
- Changed xDSL BERT test page.
- WWAN interface now is disabled by default (when not yet configured).
- Improved stability and memory usage.
(release date: November 16, 2016)
- Added OSPF routing and added features to RIP routing.
- Added OSPF and IGMP types to firewall protocols.
- Added RADIUS authentication for (admin) access control.
- Added RAW syslog view in web interface.
- Added "task scheduler" for reboot and restart of PPP connections.
- Added basic "terminal" command line interface to Tools in webinterface.
- Added static IP address configuration for PPPoE over EthWAN interfaces.
- Added support for PPPoE over VLAN for ADSL links.
- Added local loopback address to serve as local IPsec end-point.
- Added several OIDs to SNMP agent. (New MIB available).
- Updated IPsec IKE manager software.
- Updated device drivers for improved performance and stability.
- Added features to RIP configuartion menu.
- Added ifname to GRE tunnels (for lookup).
- Added MTU setting for GRE.
- Changed IPsec "idle" state to "connecting" if appropriate.
- Moved some IPsec debug string to "warning" level for better
trouble shooting of IPsec config errors.
- Improved routing throughput.
- Changed Dynamic NAT (IP masquerading) from global to "per LAN"
- Added option "none" for OpenVPN Layer 2 (tap) mode LAN bridge assignment.
- Changed NTP and DNS server check algorithms to reduce data traffic.
- Fixed WWAN data counters that did not work after counter reset.
- Fixed system alerts for vpn tunnel Up and Down.
- Fixed OpenVPN UDP mode.
- Fixed individual enable/disable of recipient types for system alerts.
- Fixed IPsec DH1 (modp768) mode.
- Fixed bug that caused serial RS232 port to block after use of the serial CLI.
- Fixed SNMP sets in RSA-series MIB.
- Fixed "reboot" from command line to do a proper shutdown and reboot.
- Fixed DTR and DCD LED control.
(release date: July 12, 2016)
- Increased WWAN network registration time-out from 45 to 120 seconds.
- Increased WWAN data connection time-out from 30 to 60 seconds.
- Fixed DHCP lease time setting.
(release date: June 27, 2016)
- Changed OpenVPN info (details) page.
- Added OpenVPN "exit notify" to signal the remote peer that a tunnel has been disabled.
- Added restart of WWAN link on certain SIM card error messages.
- Moved Tools>DSL>BER test to separate page.
- HTML text changes.
- Fixed bug in Tools>Network page. Now other WAN interfaces can be selected.
(release date: June 20, 2016)
- Changed PPP timeout from 15 to 60 seconds.
- Changed items shown in IPsec and OpenVPN tables.
- Added bootloader version to summary page.
- Several changes in text of HTML pages.
(release date: June 14, 2016)
- Changed IP filtering page: Added warning when IP filtering is disabled.
- Changed IP connection state overview page. (now the tunneled nets are shown).
- Changed RSA-1020DW signal level LED thresholds.
- Added text to Firewall and NAT setup html pages.
- Several changes in text of HTML pages.
- Fixed bug in PPPoE over PTM (VDSL2).
- Fixed IP filtering page (hide shortcusts when filtering is disabled).
- Fixed IPsec connection state details pages.
(release date: June 6, 2016)
- Changed firmware update html page.
- Change in firmware upload procedure to prevent settings made just before firmware update from not being saved.
- Added system name and WAN IP address to email alersts.
- Added text to Firewall and NAT setup html pages.
- Fixed limitation to 1 LAN bridge for units with one Ethernet interface. All 4 LAN bridges are available now.
(release date: May 30, 2016)
- Updated RSA-1020DW profile.
- Added RSA-1120D, RSA-1120D, RSA-1120(W) and RSA-1220(W) profiles.
- Changed memory management parameters to prevent unused but fragmented
memory from growing too big.
(release date: May 24, 2016)
- Allow configuration of custom MAC address for IPoE interfaces.
- Allow configuration of static IP addresses for PPPoA and PPPoE interfaces.
- Disabled DSL interface now shows 'Disabled' in status field instead of 'Starting'.
- Fixed RIP routing daemon.
(release date: May 2, 2016)
- Added remote network configuration to GRE tunnel setup page.
- Firewall drop(deny) rules now have priority over accept(allow) rules.
- Traceroute and ping tools now remember last selected gateway.
- Various text changes, additions and clarifications in web interface.
- VPN LED is not turned On when GRE tunnel is activated.
- Fixed bug that caused reboot when immediately sending email alert at startup.
- Fixed bug that caused firewall rules to disappear when source address fields are
left empty in IP filtering and Static NAT setup.
(release date: April 19, 2016)
- Added firewall configuration option to control routing between LAN bridges.
- Added LAN bridge selection for Layer 2 OpenVPN tunnels.
- Updated xDSL PHYs to latest version.
- xDSL SRA feature enabled by default.
- Only restart-on-idle for "active" IPsec connections.
- Ignore non-digit characters in SMS number fields.
- Increased maximum string length of IPsec PSK to 128 characters.
- Textual changes in web interface.
- Removed irrelevant syslog message when adding or removing users.
- Renew xDSL CO vendor ID after xDSL line down.
- Fixed display of multiple IPsec child SAs (Phases 2).
- Fixed xDSL Dying Gasp signalling on reboot, firmware update and watchdog time-out.
- Fixed GRE tunnel operation.
- Fixed OpenVPN Layer 2 operation.
- Fixed ICMP allow/block rule. (Addresses can be entered now).
- Fixed refusal of adding VPI/VCI combination when present but not used in other DSL profile.
- Fixed memory leak problem when manually restarting xDLS link too often.
(release date: March 30, 2016)
- Added remote DSLAM Vendor ID on DSL statistics page.
- Added VDSL2 profile on DSL statistics page.
- Syslog link now opens new browser tab or page.
- Changed DSL statistics page (collumn alignment)
- Fixed possible stacktrace on boot.
- Fixed "upload settings" feature.
- Fixed reversed actual downstream/upstream rates on DSL statistics page.
(release date: Feb 28, 2016)
- First formal release of RSA-4222 V2.0 firmware.
- Other devices of the RSA-series will be added over time.