22.8.33.50 - June 2024, Feature

Release category: Mandatory

New feature

  1. Added configuration options for running a PPPoE server in IP passthrough mode [DALP-1045]

  2. TX: Support for DMVPM has been added.

Enhancements

  1. Update firmware OTA downloads to utilize the Digi Remote Manager firmware repository (firmware.devicecloud.com instead of firmware.accns.com) [DALP-606]

  2. Always display Central managementFirmware server configuration setting regardless of which central management service is selected [DAL-5719]

  3. Always display Central managementSpeedtest server configuration setting regardless of which central management service is selected [DAL-6527]

  4. New modem firmware ota download Admin CLI command for downloading cellular modem firmware from the Digi firmware repository [DAL-6541]

  5. Add ability to specify DFS channels under NetworkWi-FiClient mode connections for background scanning when DFS client support is enabled [DALP-1004]

  6. Add cellular carrier name and PLMN ID to StatusModems page in the web UI [DAL-6554]

  7. Mark Containers as a premium feature enabled via Digi Remote Manager [DALP-1038]

  8. Support the ability to start/stop containers via RCI commands from Digi Remote Manager [DAL-6468]

  9. Added new metrics for sending container status, name, CPU load, and disk usage as datapoints to Digi Remote Manager [DAL-6404]

  10. New show eth Admin CLI command to show the link status of each Ethernet port [DAL-6126]

  11. New poweroff CLI command to perform a graceful shutdown of the device without automatically rebooting [DALP-982]

    TX54/TX64: On a TX54 or TX64 that has the ignition sense line connected and is ON, the device will reboot.

  12. Added new Strict routing setting to IPsec tunnels that, if enabled, will only route packets through the tunnel if both the source IP and destination IP match the IPsec tunnel’s policies instead of NAT-ing traffic that only matches the remote network policy [DAL-5317]

  13. Added new MS-CHAPv2 option under L2TPL2TP network serversAuthentication method to support clients that require MS-CHAPv2 for authentication to a L2TP/IPsec server [DAL-6327]

  14. Store kernel crashes and debug logs across reboots and automatically add them to the system logs in /var/log/ [DAL-6496]

  15. Include AT#FWSWITCH output in support reports [DAL-6580]

  16. Added network.modem.modem.gea1_cipher debug config setting that can be can enable GEA1 cipher and speed up initial connectivity and SIM failover on Quectel modems [DAL-5258]

  17. Automatically refresh the SystemFirmware Update page in the web UI after a user clicks the Duplicate Firmware button [DAL-4750]

  18. Add disclaimer to NetworkSD-WANWAN bonding settings to note that a DigiRM license is required

  19. Update WAN Bonding client to version 2022-04071718

  20. Support for the Telit LN920 cellular modem [DAL-5863]

  21. The configuration for the speed test and firmware servers has been added to the Digi Remote Manager configuration.

  22. A network configuration parameter has been added to BGP to allow the user to configure which networks should be advertised.

  23. A configuration option has been added to enable and disable aView style SMS control messages if Digi Remote Manager is being used

  24. An issue when attempting to download the OpenVPN client configuration template file when the device has a default system name has been resolved. [DAL-6561]

  25. EX50: Added options under NetworkModemsAccess technology to set the modem to 5G-only (including setting to 5G SA-only, NSA-only, or both NSA/SA-modes) [DAL-6395]

  26. TX64/TX64 RAIL: A new system power profile configuration setting has been added for the TX64 and TX64 Rail platforms which can be used to manage the CPU frequency and power usage of the device. There are four levels

    • Auto

    • Manual

    • Power Save

    • Performance

    The default setting is Performance.

  27. TX64/TX64 RAIL: A new system power leds_enabled configuration setting has been added for the TX64 and TX64 Rail platforms. The LEDs can disabled in order to reduce power consumption. When disabled, the WWAN1 Signal LED will flash every 15 seconds to indicate the device is powered up.

Bug fixes

All bug fixes listed below affect firmware versions 22.5.50.62 or older unless specified otherwise

  1. Added new NetworkRoutesRouting servicesBGPNetworks section for defining specific IP networks to advertise to BGP peers [DAL-6368]

  2. Fixed issue where manual carrier selection through the web UI, configuration settings, or Admin CLI would fail to connect if the SIM required a APN username/password with CHAP authentication [DAL-6552]

  3. Fixed L2TP setups so it only adds a default route for the tunnel if the defaultroute custom PPP setting is specified [DAL-6328]

  4. Add timeout option to modem scan Admin CLI command to allow users to specify a longer scan period for SIMs that can roam to a larger number of nearby carriers

  5. Fixed buffer limitation of 1024 characters when copy/pasting text into the Admin CLI [DAL-6445]

  6. Fixed issue where kernel-level system logs were logged with UTC timestamps regardless of the locally-configured timezone [DAL-6408]

  7. Fixed issue with sending UCS-2 formatted SMS messages with UTF-16 characters [DAL-6318]

  8. Fixed issue preventing the Digi device from connecting to Digi Remote Manager over a HTTP proxy through an IPsec tunnel [DAL-6430]

  9. Fixed permission issue with starting containers added via Digi Remote Manager [DAL-5844]

  10. Fixed invalid format of SIM ICCID metric sent to Digi Remote Manager [DAL-6394]

  11. Fixed issue where Wi-Fi client would not reconnect if the config settings were disabled and then re-enabled [DAL-6592]

  12. Fixed issue where the Reset modem Surelink option would prevent the SIM failover Surelink option from taken affect if both Surelink settings were enabled (affects firmware versions 22.2.x through 22.5.x) [DAL-6343]

  13. Fixed issue with downloading client ovpn file from the local web UI [DAL-6561]

  14. Fixed issue where the connection to Digi Remote Manager would fail if WAN Bonding was enabled [DAL-6386]

  15. Fixed issue where the connection to DigiRM would fail if WAN Bonding was enabled [DAL-6386]

  16. EX50: Fix issue with certain AT&T SIMs connecting with EM9191 modems by ensuring the APN is written to the SIM before connecting

  17. EX50: Fixed connectivity issues where EM9191 modems with a Vodafone SIM would switch to Verizon firmware instead of Generic firmware

  18. TX54/TX64: An issue with the TX54 and TX64 that prevented it from switching back from SIM2 to SIM1 has been resolved. [DAL-5945]

  19. TX54/TX64: An issue that prevent TX54 and TX64 devices using the LM940 cellular module from connecting to the Verizon network has been resolved. [DAL-6186]

  20. TX54/TX64: An issue with the second cellular module on the TX54 and TX64 taking a long time to connect during boot up has been resolved. [DAL-6321]

  21. TX64 5G and RAIL: Connectivity issues on a TX64 5G and TX64 Rail platforms with a Vodafone SIM where the device would switch to using Verizon firmware instead of Generic firmware has been resolved. [DAL-6603]

  22. TX64 RAIL: An issue with the TX64 Rail platform with Ethernet interfaces continually going up and down when configured in 1Gbps, full duplex mode has been resolved. [DAL-6472]

Security fixes

The highest level vulnerability that has been fixed in this release is listed as a CVSS score of 9.8 Critical

  1. Update OpenSSL to version 3.0.5 and 1.1.1q (CVE 2022-2274, CVE-2022-2068) 2. Update Linux kernel to version 5.18

  2. LR54/TX54/TX64: The OpenSSL package has been updated to 3.0.5 on the TX64 platforms and to 1.1.1q on the TX54 and LR54 platforms. [DAL-6442, DAL-6470]

    CVE 2022-2274 CVSS Score: 9.8 Critical CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    CVE-2022-2068 CVSS Score: 9.8 Critical CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H