24.3.28.88 - March 2024, Feature

Release category: Recommended

New features

  1. Support for Wireguard VPNs has been added.

  2. Support for a new Ookla based speed test has been added.

    Note: This is a Digi Remote Manager exclusive feature.

  1. Support for GRETap Ethernet tunneling has been added.

Enhancements

  1. The WAN Bonding support has been updated

    1. Support for a WAN Bonding backup server has been added.

    2. The WAN Bonding UDP port is now configurable.

    3. The WAN Bonding client has been updated to 1.24.1

  2. Support for configuring which 4G and 5G cellular bands can and cannot be used for a cellular connection has been added.

    Note: This configuration should be used with care as it could lead to poor cellular performance or even preventing the device from connecting to the cellular network.

  3. The System Watchdog has been updated to allow for monitoring of interfaces and cellular modems.

  4. The DHCP server support has been updated

    1. To offer a specific IP address for a DHCP request received on a particular port.

    2. Any requests for the NTP server and WINS server options will be ignored if the options is configured to none.

  5. Support for SNMP traps to be sent when an event occurs has been added. It can be enabled on a per-event type basis.

  6. Support for Email notifications to be sent when an event occurs has been added. It can be enabled on a per-event type basis.

  7. A button has been added to the Web UI Modem Status page to update the modem to the latest available modem firmware image.

  8. The OSPF support has been updated to add the capability to link OSPG routes through a DMVPN tunnel. There are two new configuration options

    1. A new option has been added to Network > Routes > Routing services > OSPFv2 > Interfaces > Network type to specify the network type as a DMVPN tunnel.

    2. A new Redirect setting has been added to Network > Routes > Routing services > NHRP > Network to allow redirection of packets between spokes.

  9. The location service has been updated

    1. To support an interval_multiplier of 0 when forwarding NMEA and TAIP messages. In this case, the NMEA/TAIP messages will be forwarded immediately rather than caching and waiting for the next interval multiple.

    2. To only display the NMEA and TAIP filters depending on the select type.

    3. To display the HDOP value in Web UI, show location command and in the metrics pushed up to Digi Remote Manager.

  10. A configuration option has been added to the Serial interface support to disconnect any active sessions if the serial port DCD or DSR pins are disconnected.

    A new CLI command system serial disconnect has been added to support this.

    The Serial status page in the Web UI has also been updated with the option.

  11. The Digi Remote Manager keepalive support has been updated to more quickly detect stale connections and so can recover the Digi Remote Manager connection more quickly.

  12. The redistribution of connected and static routes by BGP, OSPFv2, OSPFv3, RIP and RIPng has been disabled by default.

  13. The show surelink command has been updated to have a summary view and an interface/tunnel specific view.

  14. The Web UI serial status page and the show serial command have been updated to display the same information. Previously some information was only available on one or the other.

  15. The LDAP support has been updated to support a group name alias.

  16. Support for connecting a USB printer to a device via a USB port has been added. This feature can used via Python or socat to open a TCP port to process printer requests.

  17. The default timeout of the Python digidevice cli.execute function has been updated to 30 seconds to prevent command timeouts on some platforms.

  18. The Verizon 5G V5GA01INTERNET APN has been added to the fallback list.

  19. The help text for modem antenna parameter has been updated to include a warning that it may cause connectivity and performance issues.

  20. The help text for the DHCP hostname option parameter has been updated to clarify its use.

  21. EX50: The EX50 support has been updated to run with a dynamic CPU clock speed between 864 MHz and 1.8 GHz.

    1. CPU throttling will occur if the system temperature goes above 100C

    2. The device will shut down at 125C

    A new power configuration setting system power profile allows the user to select the CPU frequency. The options are auto, performance, powersave, manual. The default setting is auto.

Security fixes

  1. The Linux kernel has been updated to version 6.7 [DAL-9078]

  2. The Python support has been updated to version 3.10.13 [DAL-8214]

  3. The Mosquitto package has been updated to version 2.0.18 [DAL-8811]

    CVE-2023-28366 CVSS Score: 7.5 High

  4. The OpenVPN package has been updated to version 2.6.9 [DAL-8810]

    CVE-2023-46849 CVSS Score: 7.5 High

    CVE-2023-46850 CVSS Score: 9.8 Critical

  5. The rsync package has been updated to version 3.2.7 [DAL-9154]

    CVE-2022-29154 CVSS Score: 7.4 High

    CVE-2022-37434 CVSS Score: 9.8 Critical

    CVE-2018-25032 CVSS Score: 7.5 High

  6. The DNSMasq package has been patched to resolve CVE-2023-28450. [DAL-8338]

    CVE-2023-28450 CVSS Score: 7.5 High

  7. The udhcpc package has been patched to resolved CVE-2011-2716. [DAL-9202]

    CVE-2011-2716 CVSS Score: 6.8 Medium

  8. The default SNMP ACL settings have been updated to prevent access via External zone by default if the SNMP service is enabled. [DAL-9048]

  9. The netif, ubus, uci, libubox packages have been updated to OpenWRT version 22.03 [DAL-8195]

Bug fixes

  1. The following WAN Bonding issues have been resolved

    1. The WAN Bonding client is not restarted if the client stops unexpectedly. [DAL-9015]

    2. The WAN Bonding client was being restarted if an interface went up or down. [DAL-9097]

    3. The WAN Bonding interface staying disconnected if a cellular interface cannot connect. [DAL-9190]

    4. The show route command not displaying the WAN Bonding interface. [DAL-9102]

    5. The show wan-bonding command displaying incorrect interface status. [DAL-8992, DAL-9066]

    6. Unnecessary ports being opened in the firewall. [DAL-9130]

    7. An IPsec tunnel configured to tunnel all traffic whilst using a WAN Bonding interface causing the IPsec tunnel to not pass any traffic. [DAL-8964]

  2. An issue where data metrics being uploaded to Digi Remote Manager being lost has been resolved. [DAL-8787]

  3. An issue that caused Modbus RTUs to unexpectedly timeout has been resolved. [DAL-9064]

  4. An RSTP issue with the bridge name lookup has been resolved. [DAL-9204]

  5. The following issues with cellular status information have been resolved

    1. Cellular signal strength percentage not being reported correctly. [DAL-8504]

    2. Cellular signal strength percentage being reported by the /metrics/cellular/1/sim/signal_percent metric. [DAL-8686]

    3. TX40: The 5G signal strength being reported for the TX40 5G devices. [DAL-8653]

    4. EX50/IX40/TX64: The 5G bandwidth being reported for the EX50/IX40/TX64 5G devices. [DAL-9249]

  6. The following issues with the SNMP Accelerated MIB have been resolved

    1. The cellular tables not working correct on devices with cellular interfaces not called “modem” has been resolved. [DAL-9037]

    2. Syntax errors that prevented if from being correctly parsed by SNMP clients. [DAL-8800]

    3. The runtValue table not being correctly indexed. [DAL-8800]

  7. The following PPPoE issues have been resolved

    1. The client session was not being reset if the server goes away has been resolved. [DAL-6502]

    2. Traffic stopping being routed after a period of time. [DAL-8807]

  8. An issue with the DMVPN phase 3 support where firmware rules needed to the disabled in order to honor default routes inserted by BGP has been resolved. [DAL-8762]

  9. An issue with the DMVPN support taking a long time to come up has been resolved. [DAL-9254]

  10. The Location status page in the Web UI has been updated to display the correct information when the source is set to user-defined.

  11. An issue with the Web UI and show cloud command displaying an internal Linux interface rather than the DAL interface has been resolved. [DAL-9118]

  12. An issue where devices using a Viaero SIM could not connect to 5G networks has been resolved. [DAL-9039]

  13. An issue with the SureLink configuration migration resulting some blank settings has been resolved. [DAL-8399]

  14. An issue where configuration was been committed at boot-up after an update has been resolved. [DAL-9143]

  15. The show network command has been corrected to always display the TX and RX bytes values.

  16. The NHRP support has been updated to not log messages when disabled. [DAL-9254]

  17. IX40 TX40: An issue with the IX40/TX40 5G antenna diversity which would cause the modem to go into a “dump” state has been resolved. [DAL-9013]

  18. EX15/TX54: A Wi-Fi DMA issue that could cause the EX15/TX54 device to crash has been resolved. [DAL-9250]

  19. IX40: An issue with the GNSS active antenna support on the IX40 4G has been resolved. [DAL-7699]

Deprecation

  1. LR54 and LR54W platforms are no longer supported.