Introduction ~~~~~~~~~~~~ Instructions on how to upgrade Opengear firmware are available from: http://www.opengear.com/faq253.html While every effort is made to migrate your existing configuration when upgrading, we recommend that you back up your configuration BEFORE performing the upgrade -- particularly when upgrading to a beta release: http://www.opengear.com/faq302.html Beta releases are provided for evaluation of new features and non-critical bug fixes. They have not undergone as thorough testing as stable releases, and may not yet be suitable for a production environment. Stable releases ~~~~~~~~~~~~~~~ Current production-ready firmware can be found in the current/ directory. Before upgrading, it is important that you read and understand the notes below. Per-release notes of fixes and features can be found later in this document. NOTE: As of console server firmware 3.10.0, we have replaced the majority of the onboard networking scripts with a single, dependency-based connection management daemon called 'conman'. If you have set up custom networking scripts, they are highly likely to be INCOMPATIBLE and NOT WORK in firmware versions 3.10.0 and higher. It is recommended that upgrades be performed in a test environment before being rolled out to production sites. NOTE: Downgrading from Lighthouse 4.2.0 or console server 3.8.0 (or later) to earlier versions will cause HTTP and HTTPS to stop functioning. To remedy this after the downgrade, you will need SSH access to the device. Connect, and run rm /etc/config/lighttpd.d/https.conf then config -r services NOTE: The stable firmware for all console servers is now at least 3.6.1 - If the console servers are being managed via a (V)CMS or Lighthouse appliance, must be first upgraded to 3.6.1 (for (V)CMS) or 4.0.0 (for Lighthouse) at a minimum. NOTE: Any existing pre-3.5.x alerts will be migrated to the Auto-Response subsystem, but there is not a 1-1 correlation between the systems, and it is recommended in that upgrades be performed in a test environment first. The logging subsystem has also been rewritten, and logging formats (particularly for Environmental and UPS data) have changed. If these logs are currently being backed-up or machine-parsed, it is recommended that the upgrade be tested before deployment into production. NOTE: Under 3.5.2 or later, users that are not members of any groups will not get shell access to the device. To give shell access, add the user to the "user" or "admin" groups. If a user just requires pmshell access, add them to the "pmshell" group. NOTE: CMS: With 3.5.3, please upgrade your Opengear CMS install to 3.5.3 FIRST, before upgrading devices under managment to 3.5.3 or later. Failure to do so has the potential to lock users out of the CMS installation. NOTE: Before upgrading from 2.x series firmware to 3.x series firmware, it is critical that you back up any existing configuration. Downgrading 3.x series firmware to 2.x series firmware requires a FACTORY ERASE before the unit will permit you to login. Current production firmware versions: im72xx-3.10.1.flash - version 3.10.1 firmware for IM7208-2, IM7216-2, IM7232-2 and IM7248-2 im42xx-3.10.1.flash - version 3.10.1 firmware for IM4216-2, IM4248-2, IMG4216-25 and IM4216-34 cm4001-3.8.1u2.flash - version 3.8.1u2 firmware for CM4001 cm4008-3.8.1u2.flash - version 3.8.1u2 firmware for CM4008 cm41xx-3.10.1.flash - version 3.10.1 firmware for CM4116 and CM4148 sd4002-3.9.1.flash - version 3.9.1 firmware for SD4002 and SD4001 sd4008-3.8.1u2.flash - version 3.8.1u2 firmware for SD4008 im4004-3.9.1.flash - version 3.9.1 firmware for IMG4004-5 kcs61xx-3.9.1-512m.bin - version 3.9.1 firmware for KCS6104 and KCS6116 acm500x-3.10.1.flash - version 3.10.1 firmware for ACM5002, ACM5003, ACM5004 and ACM5004-2 acm550x-3.10.1.flash - version 3.10.1 firmware for ACM5504-2, ACM5504-5, ACM5508-2 cms61xx-3.10.1.bin - version 3.10.1 firmware for CMS6100 vcms-3.10.1-*.* - version 3.10.1 firmware for VCMS (see VCMS_deployment.txt) lighthouse-4.4.2-*.* - version 4.4.2 firmware for Lighthouse (see Lighthouse_deployment.txt) Previous Stable releases ~~~~~~~~~~~~~~~~~~~~~~~~ Can be found in the prev/ directory. Beta releases ~~~~~~~~~~~~~ None at this time. Fixes and Features by Version ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Release version 4.4.2 (April 22 2014) (Lighthouse) - Fix issue with ssh:// and tcp:// URLs generated in the management console Release version 3.10.1 (April 7 2014) Console Servers & (V)CMS) - PLEASE NOTE: As of console server firmware 3.10.0, we have replaced the majority of the onboard networking scripts with a single, dependency-based connection management daemon called 'conman'. If you have set up custom networking scripts, they are highly likely to be INCOMPATIBLE and NOT WORK in firmware versions 3.10.0 and higher. It is recommended that upgrades be performed in a test environment before being rolled out to production sites. - Fix Wi-fi WEP passwords being unintentionally changed by the UI - Fix smsd restarting too much when failing over between SIM cards - Fix smsd not being able to be disabled - Fix CDMA modem failover - Fix IP Addresses not being masqueraded correctly on Verizon LTE connections - Fix RPCD locking issue - Fix Pantech UML290 repeatedly receiving the latest SMS - Fix Servertech PDU Multibank UI Issues - Fix dialout modem Interface Actions - Fix Raritan PX2 definition error - Fix LTE connection stability issues - Fix Interface Event Ethernet support - Fix Auto-Response ping check interface selection - Fix dormant failover settings for non-conman devices - Fix RPCD CPU Utilisation Release version 3.10.0 (February 24 2014) (Console Servers) - PLEASE NOTE: As of console server firmware 3.10.0, we have replaced the majority of the onboard networking scripts with a single, dependency-based connection management daemon called 'conman'. If you have set up custom networking scripts, they are highly likely to be INCOMPATIBLE and NOT WORK in firmware versions 3.10.0 and higher. It is recommended that upgrades be performed in a test environment before being rolled out to production sites. - In unconfigured IP settings, eth0:0 is now the static 192.168.0.1 interface and eth0 is the DHCP client interface - Migrate networking code to new dependency based daemon, conman - Add support for triggering VPNs from auto-responses - Add RPC support for Raritan PX2 PDUs - Add a bash .profile for root user - Add more conman and network interface information to support reports - Add cli8895 tool to interrogate internal switch on ACM5504-5 products - Remove NTP monitor support to remove chance of NTP amplification attacks - Remove irrelevant system log messages from rpcd - Improve the speed of an initial bootup after factory erase - Fix RPC status page - Fix issue with migration to Cherokee webserver - Fix Servertech Single Bank support - Fix serial signal auto-responses not triggering - Fix Servertech "No such power device" error - Fix RPC support crashing if /etc/config/powerstrips.xml is present - Fix RPC support sometimes not unlocking serial ports - Fix adding firewall rules adding extra spaces and unclosed tags to config file - Fix SNMP notification for SMS checks - Fix soft-reboot not repowering internal switch on ACM5504-5 - Fix internal powersupply monitoring support - Fix failover on CDMA cell modems - Fix override DNS settings not working on CDMA modems - Fix callback not working after moving dial to conman infrastructure - Fix pantect uml290 modems repeatedly receiving latest sms - Fix unauthenticated telnet access to serial ports - Fix file descriptor leak in snmpstatusd - Fix rpcd showing high CPU utilization - Fix NTP support on mixed IPv4 and IPv6 networks - Fix setting SNMPv3 Engine ID - Fix UPS autoresponses not triggering - Fix Digipower SNMP RPC not showing status in Power menu - Fix ping auto responses getting stuck in triggered state - Fix bad error message for invalid SMS gateway field when configuring autoresponses - Fix incorrect validation errors for hidden autoresponse actions - Fix UPS graphing - Fix modem watchdog interoperation with cellmodem failover - Fix being unable to disable SNMPv1 and SNMPv2 to run in SNMPv3 mode only - Fix portmanager hanging in some circumstances when port logging to remote CIFS servers - Fix inconsistent options between snmpd and snmptrap configuration - Fix enabling debug serial console on ACM550x, ACM550x and IM72xx - Fix rare hang on IM72xx reboots - Fix WEP configuration file and key selection - Fix setting up RPCs where the have parentheses in the RPC type - Fix management lan tab not reappearing after disabling bridged mode on IM4216-34 - Fix LTE modems sometimes not connecting, even when modem appears to be fine - Fix serial pattern match autoresponses all being triggered whenever one occurs - Fix CIFS mounted port logging not reliably working on boot - Fix cases where cellular SMS sending and receiving would stop working after dual SIM failover Release version 4.4.0 (January 14 2013) (Lighthouse) - Add Console Gateway feature to Lighthouse - Fix bulk provisioning issues - Fix infod entry removal - Fix portmanager log message spam - Fix Cherokee so that it doesn't leave tmp files around - Fix VCMS netflash issue with long filenames - Fix Config backup/restore issue through Lighthouse proxy - Fix netstat display of IPv6 and IPv4v6 addresses - Fix issue with IPv6 Firewalling Release version 3.9.1 (December 17 2013) (Console Servers) - Add support for the serial port concentrator in LightHouse 4.4.0 - Add bulk provisioning scripts for rolling out large numbers of devices - Add support for persisting 'log' options in conman.conf - Add support for Raritan PX2 PDUs - Fix sending sms messages when cell modem is a failover interface - Fix Servertech single bank script - Fix cherokee leaving old temporary directories in /tmp - Fix configuration back up through LightHouse web proxy - Fix memory leak in conman Release version 3.9.0u2 (November 21 2013) (Console Servers) - Improve WebUI authentication logging and Auto-Response integration - Add DC power supply support for IM72xx-DDC devices - Fix XHCI errors on IM72xx products - Fix LTE dialout route metric - Fix IM72xx Dial menu labelling issue - Fix TACACS issue with incorrectly padding attributes - Fix migration issues when delayed config commit is enabled - Fix issue with Verizon LTE cellular statistics - Fix issue with adding Serial RPC devices - Fix isse with comma separated email addresses and cellular phone numbers in Auto-Response actions Release version 3.9.0u1 (October 23 2013) (Console Servers, (V)CMS) Release version 4.3.0u1 (October 23 2013) (Lighthouse) - Fix migration issue for webserver configuration Release version 3.9.0 (October 21 2013) (Console Servers, (V)CMS) Release version 4.3.0 (October 21 2013) (Lighthouse) - LH: Add SNMP sysObjectId for Lighthouse - LH/CMS/VCMS: Fix user permissions when using remote groups - Add SNMP sysObjectId for IM72xx products - Add Connection Manager daemon (conman), to manage cellular and dial connections - Add support for failover between dual modem sim cards on appropriate models - Add SNMP table describing status of digital I/O ports - Fix more problems with webserver causing intermittent "500 internal server error" - Fix lower case Kerberos realms being forced to upper case - Fix deleting custom IPSec tunnel attributes causing config errors - Fix nagios checks being incorrectly HTML escaped - Fix TACACSLocal and TACACSDownLocal users being locked out when server is down - Fix sidebar layout changing dimensions while page is loading - Add more diagnostic information to support report for 3G/USB problems - Fix inconsistent naming of digital I/O ports - Fix inforrect display of UML290 IMEI - Fix supurious 'unauthorized access attempted' log messages - Add human-readable descriptions of LTE information preferences - Fix SNMP configuration page incorrectly complaining about no community string - Fix activation of CDMA cellular modems - Fix SNMP MIBs failing syntax checks - Add default sysservices option to SNMP - Switch to the Cherokee web server - Add secure cookie attribute - Fix HTTPS login attempts being logged as '::1 (localhost)' - Fix HTTPS loging auto-responses seeing source IPs as '::1 (localhost)' Release version 3.8.1u2 NOTE: Downgrading from Lighthouse 4.2.0 or console server 3.8.0 (or later) to earlier versions will cause HTTP and HTTPS to stop functioning. To remedy this after the downgrade, you will need SSH access to the device. Connect, and run rm /etc/config/lighttpd.d/https.conf then config -r services Release version 3.8.1u1 (September 2013) (Console Servers, (V)CMS and Lighthouse) - Add FTDI drivers to USB enabled products - Improve the authentication test page group listings - Fix CDMA modem issue on ACM5504-5-GV and GS - Fix IM42xx default config from USB issue - Fix Auto-Response Pattern match not disconnecting users - Fix Serial port labels getting reset - Fix NSCA check to newer NSCA daemon issue - Fix LDAP DN field validation - Fix user changes removing SSH keys - Fix FIPS mode issue - LH: Fix spurious error in syslog from dialpool heath check Release version 3.8.0u2 (September 2013) (Console Servers) (See note above about downgrading from this version) - Fix Kerberos realm being forced to uppercase - Fix network host nagios checks being mangled and escaped - Fix problems with webserver causing intermittent "500 internal server error" NOTE: This release necessitated reverting changes with how we terminate SSL connections and as a result contains the following known issues - Secure cookie attribute is no longer being set - HTTPS login attempts are logged as coming from '::1 (localhost)' - HTTPS login auto-responses will see source IPs as '::1 (localhost)' Release version 3.8.0u1 (August 2013) (Console Servers) (See note above about downgrading from this version) - Add NTLM support to curl - Fix IPSec over LTE cellular connections restarting needlessly - Fix serial port labels being HTML escaped in config - Fix DOS vulnerability in lighttpd (CVE-2012-5533) - Fix generation of wildcard SSL certificates - Fix not allowing whitespace in autoresponse names - Fix setting serial break characters - Fix running a DHCP server on bridged and bonded interfaces - Fix creating portforwards and port rules with bot TCP&UDP selected - Fix IPv6 HTTPS access to the web configuration UI. Release version 3.8.0 (July 2013) (Console Servers) (See note above about downgrading from this version) - Add error messages when running invalid configurators from command line config tool - Add secure cookie attribute when using HTTPS - Add more cellular status information and settings - Fix failover with bridged and bonded interfaces on the IM4216-34 - Fix IMPI RPC status command - Fix problems with retrieving stats from Pantech UML290 cellular modem - Fix modem watchdog for LTE modems - Fix cascading issues with port 1 on ACM slaves - Fix link monitoring on ACM500x and ACM550x models - Fix serial port logs not taking timestamp size into account when rotating - Fix CDMA modems misreporting provisioning status - Fix 5th argument not being passed to custom auto-response actions - Fix TACACSDownLocal authorization interaction with local groups - Fix unclear definition of TX/RX for logging levels - Fix deletion of configured NTP servers - Fix TACACSDownLocal authorization interaction with local groups - Fix migration to add root user to config.xml - Fix problems with side bar in web configuration cgi being too narrow - Fix problems with invalid characters in group names - Fix minor page formatting error on SNMP page - Fix Nagios event auto-response to use nagios configured host name. - Fix security vulnerability CVE-2012-2944 in NUT - Fix cases where we had potential XSS vulnerabilities - Other security fixes Release version 4.2.0 (July 24 2013) (Lighthouse) (See note above about downgrading from this version) - Add periodic health testing of dialpool connections and modems - Add Auto-response capabilites to Lighthouse - Add improved dialpool support, including auto-modem selection - Add different web banner for Lighthouse product to easily distinguish it from Console Servers - Add error messages when running invalid configurators from command line config tool - Add secure cookie attribute when using HTTPS - Add source IP logging for web configuration cgi login - Fix modify user console server command - user lock/unlock works again - Fix deletion of configured NTP servers - Fix TACACSDownLocal authorization interaction with local groups - Fix migration to add root user to config.xml - Fix problems with side bar in web configuration cgi being too narrow - Fix problems with invalid characters in group names - Fix minor page formatting error on SNMP page - Fix Nagios event auto-response to use nagios configured host name. - Fix security vulnerability CVE-2012-2944 in NUT - Fix cases where we had potential XSS vulnerabilities - Other security fixes Release version 3.7.0u3 (June 3 2013) (Console Servers) - Add sudo support for admin users on IM/ACM devices - Add SMS support for Verizon LTE on ACM5504-5-LV - Fix serial port syslog format changes - Fix multicast issue with IM42xx and CM41xx ethernet drivers - Fix bridging issue on IM4216-34 - Fix NUT detection of Slave DC Servertech PDUs Release version 3.7.0u1 (April 19 2013) (Console Servers) - Fix mangle rules for OOB LTE modems - Fix failed web login exposing version information - Fix FTP transfer of large files sometimes dropping connection - Fix CIFS port log mounting not working - Fix USB port logging - Fix no data appearing after changing from local console to console server mode - Fix CM41xx switch support - Switch to ethtool for monitoring link status on the IM42xx and CM41xx Release version 4.1.0u2 (April 18 2013) (Lighthouse) - Lighthouse: Fix missing dialpool support Release version 4.1.0u1 (April 16 2013) (Lighthouse) - Lighthouse: Fix KVM support for US-based ElasticHosts provider - Fix failed web login exposing version information Release version 3.7.0 (April 12 2013) (Console Servers) Release version 4.1.0 (April 12 2013) (Lighthouse) - Lighthouse: Add support for Lighthouse Standard and Lighthouse Enterprise - Lighthouse: Add support for OpenVPN and IPSec - Lighthouse: Add user configurable firewall support - Lighthouse: Improve speed of upgrades on KVM virtual machines - Lighthouse: Build a USB install key for Lighthouse Standard and Enterprise - Fix ServerTech outlet status reporting - Improve speed of serial port logging - Added support for admin users reading syslog via CLI - Fix vulnerabilites reported in OpenSSL and libPNG packages - Fix support for PDUs with many outlets requiring multiple probes - Fix NUT support for SNMP Servertech multi-tower PDUs - Fix network interface not being correctly configured after config erase - Fix broken modem support on IM42xx platforms - Add improvements to web ui security, including longer session keys - Fix UPS battery voltage auto-responses not resolving - Added support for LTE modems - Added script to setup an IP address per serial port - Fix debug messages appearing in syslog with remote user authentication - Fix specifying /32 peers in IPSec config page - Fix ECIO reporting for the MC5728V modem Release version 3.6.1u1 (March 14 2013) (Console Servers & (V)CMS) Release version 4.0.0u3 (March 14 2013) (Lighthouse) - Add NUT scanner support - Add cycle command for serial Servertech CDUs - Fixed Serial PDU outlet probing - Fixed wording for Pattern Match Auto-Response triggers - (CMS/Lighthouse) Fixed managed Console Server setup with DNS names - Fixed Graph display using Safari on OS X - Fixed Auto-Response Remote UPS triggers - Fixed Auto-Response Environmental trigger issue - Fixed GRE support on ACM/IM devices - Fixed TFTP/FTP support on IM4004 Release version 3.6.1 (Feb 19 2013) (Release for Console Servers) - Add variable outlet probing for Serial RPCs - Fixed flow control issues on serial ports - Fixed Servertech serial RPC issues on 2 and 8 outlet models - Fixed Auto-Response configuration issues - Fixed Port Cascading - Fixed Cellmodem region changin - Fixed outlet status for Cyclades PM10 RPCs Release version 4.0.0u2 (Feb 15 2013) (Release for Lighthouse VM only) Release version 3.6.1 (Feb 15 2013) (Release for VCMS and CMS only) - CMS: Added features from 4.0.0u1 for CMS and VCMS Release version 4.0.0u1 (Feb 1 2013) (Release for Lighthouse VM) - VCMS: Added groups and searching capabilities for console servers and managed devices - VCMS: Added new VCMS dialout support via RFC2217 modems to contact remote console servers - VCMS: Added single sign-on pass-through authentication from VCMS to console servers - VCMS: Added proxied webshell connections from VCMS to console servers and serial ports - VCMS: Added improved security for public cloud deployment - VCMS: Fixed incorrect NTP server installation - VCMS: Fixed run_check fails on post-redundancy console servers - VCMS: Fixed freshness checking still not working Release version 3.5.3u5 (November 8 2012) NOTE: The stable firmware for all console servers is now at least 3.6.1 - If the console servers are being managed via a (V)CMS or Lighthouse appliance, must be first upgraded to 3.6.1 (for (V)CMS) or 4.0.0 (for Lighthouse) at a minimum. NOTE: CMS: With 3.5.3, please upgrade your Opengear CMS install to 3.5.3 FIRST, before upgrading devices under managment to 3.5.3 or later. Failure to do so has the potential to lock users out of the CMS installation. - Fixed issue with 8 bit character corruption with even/odd parity - Fixed issue with web logins that was causing occasional failed logins - Fixed issue with FTP server doing reverse DNS lookups for logging - Fixed issue with command line config backups reporting errors - Fixed issue when deleting users - Fixed issue when setting permissions for network hosts and RPCs - Fixed duplicated log line issue with port and autoresponse logging - Fixed crash in pmshell when FIPS mode is enabled Release version 3.6.0 (October 15 2012) - Added support for CDMA SMS on cellular devices - Added support for wireless AP country and hardware mode selection - Added ACM550x recovery image with other recovery images - Fixed issue when CGI netflash fails (device now reboots) - Fixed issue with the format of SDT host ports stored in config - Fixed issue with occasional authentication failure logging into the web UI - Fixed issues found with the 3.6.0b0 beta firmware: - Wireless AP bridging/bonding configuration problems - Wireless AP large data transfer occasionally causes instability - hwclock not working on some devices - user/group permissions for network hosts/RPC ports not persisting - USB modem device links missing on some devices Release version 3.5.3u4 (October 2 2012) - Added Authenticated NTP support for upstream servers - Fixed issue with network host permitted services - Fixed issue with configuration mutual exclusion with large configurations Release version 3.6.0b0 (September 13 2012) - Added default IP NAT and forwarding for cellular ACMs - Added Wifi AP support for ACM 5504-5 products with wireless cards - Upgraded NUT version to 2.6.2 Release version 3.5.3u3 (September 05 2012) - Fixed issue with multiple LDAP server addresses - Fixed issue with TFTP client - Fixed issue with services configurator - Fixed issue with pmshell only users and SSH direct to ports - Fixed issue restoring config backups - Fixed issue with logging port logs to remote syslog after failover - Fixed bad memory allocation in infod - Fixed crontab -e command - Fixed UPS compatibility hyperlink - Fixed override DNS servers so that server addresses can be left empty - Fixed Port access page not showing correct permissions with unauthenticated telnet Release version 3.5.3u1 (July 27 2012) - Added an new unpowered signal line mode for serial ports, to handle out-of-specification devices drawing excess power - Fixed the command line user-del script - Fixed link from index cgi page to new location to set root password - Fixed issue with cgi authentication session files not being checked correctly - Fixed miscellaneous typographical errors in the configuration cgi Release version 3.5.3 (July 19 2012) - Added support for a default group for TACACS users - Added put '/proc/loadavg' and 'df' in the support report - Fixed enabling FIPS with delayed config commit causing immediate reboot - Fixed serial statistics all showing as zero - Fixed many ssh logins/logins causing wtmp file to fill /tmp Beta version 3.5.3b1 (June 27 2012) - Added support for ServerTech RPC load banks - Added support for USB Consoles (i.e. newer Cisco units) - Added HOST-RESOURCES MIB to SNMP, allows for system uptime reporting - Added support for service names other than raccess for TACACS+ - Added support for running custom cgi web apps on board - Fixed local (i.e. USB) configuration backup and load-on-erase - Fixed remote backup downloads sometimes being truncated - Fixed cron not restarting if it terminated early - Fixed link on index page for setting root password - CMS: Fixed root being described as an unauthorized user - CMS: Fix Nagios Auto-Response checks Beta version 3.5.3b0 (June 06 2012) - CMS: Added for multiple redundant CMS servers - CMS: Fixed scheduled commands not working - CMS: Reduce data traffic for remote devices, now more suitable for 3G - Added new Services page to ease configuration of network services (e.g. FTP, HTTP, Telnet, SSH) - Improved management of root user, now appears in user list in web management console - Added support for custom root password on configuration reset (ACM500x and ACM550x family devices only) - Added support for configuring public key authentication of SSH - Added support for PEAP-MSCHAPv2 WiFi - Improve web management console on mobile devices (e.g. iPhone/iPad, Android) - Improve webshell terminal on mobile devices (e.g. iPhone/iPad, Android) - Fixed display of default gateway routes when added via web management console - Fixed multiple TACACS+ servers, they now work correctly if first is down - Fixed several instances of harmless noise messages appearing in syslog - Fixed instances where new auto-responses were unable to be saved - Fixed display of managed devices outlet numbering Release version 3.5.2u16 (May 4 2012) - Added SMS command enhancements for Auto Response - Added region setting for 3G GSM modems - Added current 3G tech to Cellular Statistics - Added power-cycle support for IP Power 9258 - Support for SD4001 Rev 01 - Fixed sendsms command on IM42xx with cellular modem - Fixed CGI displaying OpenGear on CM/SD4001/2/8 - Fixed DHCP configurator warning message - Fixed pmshell power menu issue - Fixed failover on single port ethernet units - Fixed webterminal issue - Fixed serial port log facility/priority override Release version 3.5.2u14 (April 19 2012) - Fixed cases where some enabled services weren't started until after a reboot - Fixed NTP not being actually being disabled when asked to do so via configuration - Fixed remote ups logging Release version 3.5.2u13 (April 16 2012) - Added modem watchdog that can optionally reboot the unit if sufficient pings fail to a remote host - Added bootloader version string to support report - Added more detail about cell modem and USB subsystems to support report - Fixed CMS: combinations of 3.4.x and 3.5.x managed devices with remote authentication now work correctly - Fixed upgrades from before 3.0.4 causing user's passwords to break - Fixed RFC2217 RS485 mode - Fixed serial signal autoresponse SNMP traps not working - Fixed https in FIPS mode - Fixed remote syslog for port logs breaking emd logging and graphing - Fixed managed device RPC outlets - Fixed harmless configurator error messages after factory erase - Fixed cascading issues with low serial port count slaves (e.g. ACM5004) - Fixed enabling IPSec sometimes braking SNMP - Fixed ability to modify saved auto-response trigger actions - Fixed dyns.cx dynamic dns configuration on the dialin/dialout page - Fixed infrequent and usually harmless SQUASHFS errors during netflash - Fixed CDK builds not being about to be accessed by ssh - Fixed pmshell ~m escape not working with cascaded slaves - Fixed pmshell help not working with cascaded slaves - Fixed pmshell history hot working with cascaded slaves - Fixed ability to add custom udhcpc scripts with /etc/config/udhcpc.script - Fixed debug information appearing in syslog while cascading - Fixed RS485 issues with the top four ports on the ACM5508 - Fixed cases where passwords were being crypted twice or incorrectly removed from /etc/shadow Release version 3.4.1u2 (Mar 30 2012) (Release for ACM5002, ACM5003, ACM5004 and ACM5004-2 only) - Updated release of pre-autoresponse firmware to add support for the hardware watchdog on ACM500x models Release version 3.5.2u12 (Mar 23 2012) (Internal release - not available publicly) - Added support for longer serial numbers - Fixed default baud rate to be 38400 - Fixed USB LED so that it now triggers on USB data transfers Release version 3.5.2u11 (Mar 15 2012) - Improved speed and performance of serial port logging and auto-responses - Fixed SSL vulnerablity CVE-2011-3389 - Fixed config migration issues concering dialin user accounts - Fixed inablity to specify gateway on management lan ports on some devices - Fixed support for IPSec 'leftsourceip' custom option - Fixed dyns.cx dynamic DNS support - Fixed rare cases that could cause firmware upgrades to safely hang - Fixed CMS 'admin' users on managed devices causing them to unregister Release version 3.5.2u10 (Mar 2 2012) (Release for ACM5504-2, ACM5504-5, ACM5508-2 only) - Fixed management lan not appearing in the web management console. Release version 3.5.2u9 (Feb 28 2012) - Added ACM550x-M device support - Fixed remote-only (e.g. RADIUS) pmshell group-based authorization - Fixed logging intervals being incorrect for recording periodic information (e.g. environmental statistics) - Fixed CDK builds not having an sshd user in /etc/config/passwd Release version 3.5.2u8 (Feb 22 2012) (Released for CMS6100 and VCMS only) - Added protection against config cmdline utility corrupting config.xml - Added support for MD5 crypted system passwords - Added idle LED display on ACM500x units - Added CMS log rotation to Nagios log files - Added CMS option to turn off Nagios monitoring for managed devices - Fixed rare circumstance that could corrupt config.xml on upgrade - Fixed SSH keys being recreated if device reboots before all keys initially generated - Fixed TACACS remote group retrieval inconsistencies - Fixed Incorrect daylight savings setting on default timezone - Fixed port logs for port numbers greater than 10 being sent to the wrong file - Fixed CMS failing service checks being interpreted as host checks - Fixed CMS access to managed console servers for non-root users - Fixed CMS call home forwards not working after introduction of restricted shells - Fixed CMS certain configurations not being written out when webserver restarted Release version 3.5.2u7 (Feb 13 2012) - Added ACM550x device support - Added support for DES encrypted TACACS passwords - Added support for setting log level filters for syslog - Added support for setting IPv6 static gateways - Added ethernet statistics to the support report - Added different log size rotation thresholds for different devices - Added AR_DEV_REF macro for custom auto-response scripts - Fixed AR_CHECK_DEV macro custom auto-response scripts - Fixed inablity to disable DHCP server via command line - Fixed editing RPC outlet labels removing SNMP community - Fixed memory leak in web terminal - Fixed TACACS prompting twice for password - Fixed log messages from sierra-gsm-watchdog filling syslog - Fixed migration of dialin config not removing old chap/pap-secrets entries - Fixed spurious malformed line syslog errors when powering off RPC outlets Release version 3.5.2u6 (Jan 25 2012) (Released for ACM5002, ACM5003, ACM5004 and ACM5004-2 only) - Further improve 3G reliabilty - Fix cases where reboots wouldn't complete successfully Release version 3.5.2u5 (Jan 17 2012) - Fixed user configurator excessive logging - Fixed large file incompatibility with tftp32/64 clients uploading - Fixed remote group membership issues when users only have one remote group - Fixed local authentication with TACACSLocal - Fixed NTP vulnerability CVS-20093563 - Fixed RS485 timing issue - Fixed migration of serial alerts - Added SMTP client authentication overrides (allow LOGIN type authentication) - Fixed ACM500x network RX stall under heavy traffic - Improved 3G reliablity w.r.t SMS failures - Fixed CHAP/PAP secrets issues when using delayed config commits - Fixed exposed services and hosts for SDTConnector - Fixed bonding and bridging support on IM4004-5 Release version 3.5.2u4 (Dec 13 2011) (Released for IM4216-34 only) - Added support for the IM4216-34 - Fixed restricted shell interoperability with CMS Release version 3.5.2u3 (Dec 6 2011) - Added support for USB Keyboard/Mice on KCS - Added Kerberos authentication support on IM/ACM/KCS - Added an Authentication Test Page - Added support for specifying authentication type for 3G connections - Added logic to disable serial ports during error conditions (floating serial lines) - Fixed extraneous SNMP log messages - Fixed migration issues coming from early firmware - Fixed TFTPD consistency issues - Fixed USB stick mounting issues on KCS - Fixed SNMP poll differences with EMD and serial signals - Fixed FIPS mode banner issues - Fixed powersupply configurator warning messages - Fixed Auto-Response Repeat Trigger Delay not saving - Fixed Email Body field in Auto-Response Email Action size restrictions - Fixed unauthenticated telnet issues with cascaded ports - Fixed IPSec PFS issues - Fixed speed issues with hosts and users configurator on complex configurations - Disabled SSLv2 due to protocol level security issues Release version 3.5.2u1 (Nov 8 2011) - Fixed migration of users to restriced shells Release version 3.5.2 (Nov 3 2011) NOTE: Under 3.5.2 or later, users that are not members of any groups will not get shell access to the device. To give shell access, add the user to the "user" or "admin" groups. If a user just requires pmshell access, add them to the "pmshell" group. - Added support for having pmshell as default shell - Added pmshell chooser escape command - Added pmshell idle timeout - Added configurable port spacing on pmshell menu - Added multiple dialin and callback user support - Added syslog and more firewall information to support report - Added client side config generation to OpenVPN - Added ethernet bonding support on dual interface devices - Added remote auth support to FTP server - Added MOTD support for Serial/Web Console/FTP - Added Alias IP address support - Added RS485 with echo mode on console servers with RS485 - Added PPTP VPN server support - Added more supported protocols to Firewall rules - Added destination IP matching for DNAT rules - Restricted user shell for users not in the "users" or "admin" groups - Fixed OpenVPN configuration issues - Fixed Portmanager serial signal noise in syslog - Fixed editing users without respecifying passwords - Fixed SNMP alarm traps not including alarm name - Fixed Auto-Response configuration via CMS Proxy - Fixed bash command completion in vi mode - Fixed Cellular technology 2G/3G preferences not changeable from UI - Fixed Auto-response digital IO actions not working - Fixed SIM PIN unlocking not persisting over modem restart Release version 3.5.1u2 (Oct 13 2011) - Added FTP server on IM/ACM/KCS devices - Added repeat delay setting to Auto-Response - Fixed a number of SNMP memory leaks - Fixed an issue with SDT Connector connections for Remote users from CMS Beta - Fixed a ping issue with the modem watchdog script Release version 3.5.1 (Oct 3 2011) - Added support for Blackbox Elite Managed PDU - Added integration support for Auto-Response into CMS - Added support for Sierra Wireless MC5728V module - Added command line IP tunnelling (GRE) support to ACM/IM/KCS devices - Added Migration of existing Alerts to Auto-Response subsystem - Added multiple outlet control for IP-PDU 9108 RPC - Added PDU Export PDU Support - Added Eaton 9140 USB UPS support - Added ServerTech 24 Port PDU support - Added a command line configurable cellular connection watchdog - Fixed Dialout subsystem migration from 3.4.x series firmware - Fixed Dialout reconfiguration of active connections - Fixed built-in VNC client on KCS devices - Fixed default alarm name generation for EMDs - Fixed RS485 TX enable issue on ACM-I devices Release version 3.5.1b0 (Aug 26 2011) - Added support for Sierra Wireless 308 USB 3G modem - Added support for Sierra Wireless 312U 3G modem - Added extra IPSec configuration options for improved interoperability - Added command line utilities for OSPF failover on dual ethernet devices - Added Auto-response framework as a replacement for alerting - Fixed incorrect automatic IPSec route - Fixed unauthenticated telnet cascading issue - Fixed excessive logging when using PortShare encryption or authentication - Fixed connection restart issues on PortShare encryption or authentication change Release version 3.4.1u1 (Jul 27 2011) - Added Wifi Dongle support for IMX series IM42xx devices - Added SMSTools on IMX series IM42xx devices - Added hostname identifier to SMS and Email alert message bodies - Fixed a memory leak in the SNMP daemon - Fixed a race condition with multiple concurrent RADIUS/TACACS+/LDAP users - Fixed an issue with SMS alerting Release version 3.5.0u1 (Jul 7 2011) - Added CMS support for remote authentication - Added TACACS remote group support - Added Windows LDAP "users" group mapping support - Added customizable RPC outlet names - Added drag and drop support to web terminal - Fixed OpenVPN failing to connect to legacy server - Fixed SMS alerts not triggering without email configured - Fixed login form password autocompletion being enabled - Fixed web terminal to cascaded ports - Fixed dialin configurator requiring local and remote IP - Fixed DHCP server configuration issue on IP address change - Fixed serial port "mode" displayed deleted RPC name Release version 3.4.1 (Jun 15, 2011) - Added external cellular support to IM4004-5 - Added WebUI configuration and alerting support for direct SMS transmission on devices with cellular modems - Added x/y/zmodem support on IM4004/IM42xx/KCS61xx/ACM500x devices - Fixed confusing log messages relating to 'monitor' - Fixed utmp issue causing incorrect log messages Release version 3.5.0 (Jun 9, 2011) NOTE: Any existing pre-3.5.x alerts will be migrated to the Auto-Response subsystem, but there is not a 1-1 correlation between the systems, and it is recommended in that upgrades be performed in a test environment first. The logging subsystem has also been rewritten, and logging formats (particularly for Environmental and UPS data) have changed. If these logs are currently being backed-up or machine-parsed, it is recommended that the upgrade be tested before deployment into production. - Added CMS RFC2217/PortShare proxy support - Added CMS node fingerprint inspection support - Fixed CMS uncontactable node causes retrieve Managed Devices to fail - Fixed CMS Nagios service visibility for users in multiple groups - Fixed CMS spurious scrollbars in Nagios - Fixed CMS uncontactable node reports status unknown - Fixed CMS basic TACACS+ support - Fixed VCMS licence key not being accepted under VMware - Fixed VCMS OVF packaging to work around WinZip bug - NOTE: When upgrading VCMS for VMware from an earlier release, use the following procedure to resolve the licence key issue: - Shut down VCMS using System Administration -> Shut Down - Force power off the virtual machine - Edit CMS61xx-vcms-vmware.vmdk on the host system, under "Extent description" change 7791525 to 7807590 Release version 3.4.0u3 (May 20, 2011) - Fixed Forwarding and Masquerade page for IMG4216-25 - Fixed IPv6 on IM4216-25 - Fixed dashboard for non-admin users on devices with internal EMD's - Fixed default Wireless settings - Fixed handling of multiple RFC2217 connections - Added watchdog to IM42xx, CM41xx and IM4004 - Added the ability to send CTRL-H instead of CTRL-? on consoles - Added a default TERM variable to user environment set to dumb - Fixed issue of changing baud rates on ports with existing RFC2217 connections - Fixed port forwarding Release version 3.4.0u2 (March 18, 2011) - Fixed issue with TACACSDownLocal and WebUI access - Fixed issue where refresh links do not work - Fixed error logging issues with Cellular data alerts - Fixed issue with failover when per-serial-port IP script is used - Fixed AZERTY keyboard issue with webshell - Fixed firewalling issue for Call-Home - Fixed SIM unlocking/CDMA provisioning issue - Fixed KCS built-in Firefox config ui - Fixed KCS configuration corruption on unexpected shutdown - Fixed NTPD time update issue - Fixed Baytech RPC support - Fixed Command line config changes by admin users - Fixed DHCP lease pool editing - Fixed log file formatting errors with certain UPSs - Added MAC address matching in Firewall rules - Added DNS information to statistics and support report pages - Added Calling-Station-ID RADIUS attribute support with Telnet - Added support for NFS mounts over TCP - Added IPv6 support for SNMP Release version 3.4.0u1 (February 15, 2011) - Fixed CDK kernel build issues - Added SNMP traps/notifications for data usage alerts - Fixed data usage alert script ALERT_SECONDS value - Fixed issue creating TCP based OpenVPN tunnels - Fixed data logging log settings so that alerts can have a time period of 30 days - Fixed Nagios serial port hyperlinks to point at the new webshell Release version 3.4.0 (February 4, 2011) - Fixed interaction between Trusted Networks and Web Terminal - Added Basic Throughput logging and alerting for cellular modems - Fixed 3G Dongle support issues - Added always Up Dialout support on all products - Added cellmodem CSD dialin support - Added firewall rule improvements and ordering support - Added port forward improvements - Fixed external CDMA dongle authentication issues - Fixed dialout routing and IPSec interaction issues - Fixed modem setup with non-PPP dialin robustness issues - Added static routing support - Added DNS masquerading support - Fixed Web Terminal through CMS proxy issues - Fixed graphing issues with Internet Explorer 7 & 8 Release version 3.3.2u2 (January 13, 2011) - Prevent config corruption with incorrectly encoded characters - Improve DCD signal handling on ACM500x devices - Fix firewall handling of PortForwards with no destination IP - Fix firewall being disabled in some conditions - Fix Port Forward and Port Rule editing issues - Fix IPSec over 3G issue - Fix support for GNUdip DDNS servers - Fix intermittent auth failure for External CDMA dongles - Add a warning if no static leases or pools exist when DHCP server is enabled - Fix deletion of static leases and pools on multi-interface devices - Fix TACACS+ permissions issue using Cisco ACS - Fix Portshare Encryption issue - Fix ACM5003-W Adhoc Wifi issues Release version 3.3.2 (December 14, 2010) - Improved IO-Port Configuration on ACM - Restricted serial protocol configuration to supported devices - Increased Cellular interface stability during configuration changes - Support for Sierra Wireless 598U CDMA Modem - Support for Sierra Wireless C885 GSM Modem - Changed NTP servers to support NTP time serving - Added OpenVPN support to KCS - Fixed TACACS+ support on KCS - Fixed SSL Certificate Downloads by root user - Fixed Fail forward using analog modem - Fixed VNCS firewall rules on KCS - Fixed DHCP configuration issues on ACM5003-W - Fixed Management LAN configuration issues on IM4216-25 - Fixed IPSec Firewall issues - Fixed OpenVPN Firewall issues - Fixed KCS Firewall issues - Fixed KCS Configuration modification issues - Fixed Hexadecimal WPA PSK Support - Fixed EMD issues with negative temperatures on CM4001/8 and SD4001/2/8 - Fixed spurious text output on Local Config Restore Release version 3.3.1 (November 19, 2010) - Added GPS position support - Fixed encryption configuration issues with SNMPv3 - Fixed CMS proxy compatibility - Fixed TFTP server USB mounting - Fixed issues switching between encrypted and plain RFC2217/raw TCP - Fixed spurious port forward rule created by successive saves - Fixed firewall configuration page spuriously applying configuration Release version 3.3.0 (November 5, 2010) - Added advanced firewall and port forwarding configuration - Added masquerading and network forwarding configuration - Added AJAX serial console and system terminal via web UI - Added PortShare encryption and authentication server support - Added SNMP GUI configuration support - Fixed serial port SDT password spuriously autocompleted - Fixed IPv6 firewall rules not not setup after enabling IPv6 - Fixed RSSI units inconsistent between ACM UMTS and CDMA models - Fixed SNMP v3 support - Fixed OG-STATUS-MIB minor type mismatches Release version 3.2.2u2 (November 5, 2010) - Fixed dial-in become Default Route option - Fixed serial DB9 port dial for IM42xx products - Fixed serial port alerts not included in auto-generated Nagios config - Fixed GUI can erroneously report CDMA module not activated Release version 3.2.2u1 (October 27, 2010) - Fixed some MySQL database tables not being flushed on VCMS - Fixed IPv6 support on SD400x and CM400x - Fixed EMD Fahrenheit temperature conversion Release version 3.2.2 (October 23, 2010) - Added support for Tripp Lite SU600RT4U - Fixed IM42xx internal modem at higher baud rates - Fixed IM4216-25 switch cross talk in bridged mode - Fixed Australia/Tasmania time zone - Fixed DHCP default gateway in bridged mode - Fixed UPS monitor issues with repeated on-line/on-battery events - Fixed input, output and load polling for Tripp Lite USB UPSes Update version 3.2.1u2 (September 28, 2010) - Fixed user group migration issue in delayed config commit mode - Added Intel PC-Card modem support - Added serial break reset support for SD4001 Update version 3.2.1u1 (September 17, 2010) - Fixes related to CDMA activation - Added support for CDMA cellular modem on IMX42xx Release version 3.2.1 (September 15, 2010) - Added support for CDMA cellular modem - Added support for UMTS cellular modem on IMX42xx - Added support for 48V DC power supply monitoring on IMX42xx - Added support for VCMS licence key - Fixed support for pmchat serial RPCes - Fixed ACM500x-G spurious emissions from unused DDR clocks - Fixed invalid user group created at first boot - Fixed DHCP client behaviour when failed over - Fixed UMTS cellular modem slow reconnection after soft reboot - Fixed ACM500x-W wireless site survey - Fixed ACM500x-W wireless LED - Fixed remote syslog support on KCS61xx - Fixed switching from serial port console mode -> RFC2217 server mode - Fixed CMS not importing internal EMD status - Fixed dynamic DNS maximum interval field units - Fixed network interface bridging on ACM500x-2 - Fixed CM network down during multicast and broadcast storm Update version 3.2.0u1 (August 17, 2010) - Fixed CMS alert import and triggering Release version 3.2.0 (August 5, 2010) - Added OpenVPN support - Added Zenoss support via ZenPack and SNMP - Added Solarwinds Orion NPM integration via SNMP - Added specifying UID adding user from command line - Added UTC as a timezone - Added group support for improved remote authentication access control - Added option to configure dynamic DNS retries - Added two-factor RSA SecureID support - Added graphing improvements - Added delay configuration commit mode - Added hardware watchdog support on ACM products - Added new UPS support via NUT upgrade - Added "call home", SSH port forwarding GUI - Added CMS support for managing firewalled nodes - Added CMS web proxy for firewalled nodes - Added CMS support for alternate node SSH port - Fixed IM42xx USB support improvements - Fixed "change your password" error after editing password - Fixed large values reported by UPS alerts - Fixed NTPD not making initial time setting with large delta - Fixed 'users' configurator failing if $HOME/.ssh exists - Fixed APC PDU outlet probing - Fixed validation of duplicate permitted services on a Network Host - Fixed config applied twice for some pages - Fixed spurious "possible flash corruption" message on ACM products - Fixed serial power hotkey menu to work with remote authentication - Fixed RADIUS and TACACS admin user environmental graph visibility - Fixed system slow down when monitoring a lot of UPSes and SNMP RPCs - Fixed serial port edits not being applied to running user configuration - Fixed login session timeout - Fixed IM and IMG products not utilizing all available RAM - Fixed CMS not reporting disconnected or broken EMD - Fixed CMS admin user host visibility - Fixed CMS Nagios logging and log rotation - Fixed CMS node NSCA cron job not removed - Fixed CMS sanitization of Description/Notes and Host Name fields - Fixed CMS invalidating password of final user after Retrieve Hosts - Fixed CMS email alerts - Fixed CMS icons - Fixed CMS environmental service check link - Fixed CMS node name validation too restrictive - Fixed CMS menu formatting issue when deleting node - Fixed CMS detected console server drop down to work with all browsers - Fixed CMS undefined checks returning bogus output - Fixed CMS EMD service check formatting Update version 3.1.0u3 (June 25, 2010) - Fixed zero-indexed SNMP table rows issue with Zenoss - Fixed broadband failover to static IP firewall issue - Fixed ACM dual Ethernet management LAN connectivity issue - Fixed ACM dialin user removed after config change Update version 3.1.0u2 (June 10, 2010) - Fixed SNMP v2/3 Environmental Traps - Fixed Local Backup Tab not appearing on IM/IMG/KCS - Fixed KCS Dashboard display - Fixed KCS serial port issues - ports 9 - 16 - Fixed KCS Bootsplash - Fixed TFTP permissions - Fixed Management Lan issue on ACM Update version 3.1.0u1 (June 3, 2010) - Added DNS override fields for dialout connections - Added automatic failover recovery when primary network is restored - Added failover and out-of-band statistics page - Added TFTP server support for serving files > 32MB - Fixed TTY break length to be 500 msec as per Cisco specification - Fixed custom config-post-configurator scripts not running - Fixed web UI access using IPv6 address - Fixed wireless network interface connecting in WPA2 mode - Fixed possible failure detecting internal cellular modem - Fixed possible failure unlocking SIM while connection is enabled - Fixed dialout connections not accepting MSDNS servers - Fixed DNS server handling across multiple connections - Fixed CM41xx missing backup icon - Fixed SNMP sysObjectId to use Opengear enterprise OID - Fixed Nagios NSCA check reporting handling of check timeouts - Fixed KCS configuration migration upgrading from 2.8.x - Fixed KCS serial port cascading automatic key propagation Release version 3.1.0 (May 10, 2010) - Added dynamic DNS support for broadband OOB/FO port - Fixed access to web UI using IPv6 address - Fixed IMG4004-5 switch not detecting link - Fixed cascading slave configuration not applied - Fixed network access to cascaded serial ports by port number - Fixed setting IPsec left subnet - Fixed SSH serial port access via OOB interface - Fixed changing Local Console -> Console Server port requiring reboot - Fixed upgrade migration can cause web server to fail to bind ports - Fixed IPsec network to network traffic forwarding rules - Fixed IM42xx-2 system/model name setting - Fixed cellular modem SIM PIN entry - Fixed KCS61xx configuration migration - Fixed SNMP MIBs redefining OIDs when used together - Fixed redefined OIDs when status and trap SNMP MIBs used together Release version 3.1.0b1 (April 7, 2010) - Added support for SD4008 - Fixed SD4001 model naming - Fixed image size: use busybox ftp(get/put), tftp, traceroute and remove mail in favour of msmtp on 8MB flash products Release version 3.1.0b0 (April 2, 2010) - Added SNMP alert status and device status agents - Added external EMD support to ACM products - Added environmental temperature reporting in Farenheit - Added IMX42xx support - Added ACM5004-I RS4xx, digital I/O support - Fixed unable to set real time clock to year 2010 - Fixed RadiusDownLocal blocks local user when RADIUS server is down - Fixed various LDAP authentication issues - Fixed dial-in callback with USB modem - Fixed USB storage on ACM products - Fixed disabled ACM internal sensor displaying on environmental alert - Fixed various UI form field validation issues - Fixed logout button giving false positive under Chrome and Safari - Fixed 'Stop Bits' serial setting - Fixed shared local console/console server port UI layout - Fixed TFTP Server option displayed on products where it is unavailable - Fixed CIFS remote logging not reconnecting after server autodisconnect - Fixed CIFS remote logging on KCS - Fixed CIFS remote logging without username and password - Fixed SNMP MIB lint compliance - Fixed browser fav icon for Firefox and Chrome - Fixed wireless WEP support - Fixed applying wireless settings when editing existing connection - Fixed services being restarted when DHCP lease renewed - Fixed firewall rules being re-applied affecting configurator speed - Fixed LDAP user access to serial ports using LocalLDAP authentication - Fixed failed ping hangs custom portmanager init script - Fixed invalid character validation - Fixed standard SNMP MIBs not available - Fixed naming, syntax and file organization clean ups in SNMP MIBs Update version 3.0.4u1 (March 23, 2010) - Fixed SDT Connector not connecting with password authentication - Fixed PPP using wrong IP address using IPCP negotiation - Fixed sendsms tool Release version 3.0.4 (March 15, 2010) - Added secure services available via OOB/FO connections by default - Added Opengear IP PDU power support - Added pmshell double authentication - Added shadow password support - Added SMS gateway support - Fixed radio enabled when no connection is running - Fixed Environmental Status/dashboard for EMDs containing # characters - Fixed LDAP "can't resolve symbol" error message - Fixed TACACS authentication when client prefers PasswordAuthentication - Fixed timeout configuring NTP - Fixed remote log storage remount after reboot - Fixed wifi statistics site survey on ACM - Fixed internal EMD available as an option when disabled - Fixed noisy web UI logging in syslog - Fixed "Alarm sensor label (null)" in alert email - Fixed DNS servers unavailable when failed over to modem - Fixed "unable to retrieve fingerprint" as a cascading slave - Fixed unknown status for EMD dry contacts - Fixed LDAP group authorization - Fixed remotely authenticated user access to web UI - Fixed USB logging on partionless USB flash drives - Fixed reboot command unavailable Update version 3.0.2u1 (March 10, 2009) - Fixed changing baud rate when no console is enabled Release version 3.0.2 (February 9, 2010) - Added cellular modem module support - Added dynamic DNS support - Fixed alerts page not displaying properly - Fixed kernel messages displayed in console server mode - Fixed remote system logging not logging - Fixed remote system logging not starting after enable - Fixed error editing or deleting groups - Fixed SSL mode connecting to legacy SMTP server - Fixed UI formatting for internal sensors - Fixed USB modem configuration path - Fixed USB flash drive Port Log storage - Fixed recovery booting images > 8MB Release version 3.0.1 (January 8, 2010) - Added support for FIPS mode for ACM family - Fixed RADIUSDownLocal authentication allowing local auth - Fixed HTTPS allowing weak ciphers - Fixed Tripp Lite SNMP RPC not probing outlets - Fixed Management Console occasionally not completing to load - Updated default SSL certificate Release version 3.0.0 (December 22, 2009) NOTE: Before upgrading from 2.x series firmware to 3.x series firmware, it is critical that you back up any existing configuration. Downgrading 3.x series firmware to 2.x series firmware requires a FACTORY ERASE before the unit will permit you to login. - Added support for the ACM500x family Update version 2.8.2u1 (January 21, 2010) - Added SD4001 support - Fixed UPS support on serial port 1 for SD4002 - Updated default SSL certificate Release version 2.8.2 (January 6, 2010) - Added IPSec VPN support - Added support for Opengear Monitor - Added support for FIPS mode for IM and IMG family - Added ability to log serial TX or RX only - Added support for multiple NTP servers - Fixed ntpd occasionally not starting up - Fixed Server Technology Sentry Switched CDU 'on' command - Fixed DHCP server running when bridging is enabled - Fixed aborted power menu session causing pmshell to hang - Fixed Telnet source IP logging - Fixed ambiguous "respawning too fast" message - Fixed network down during multicast storm - Fixed remote logging not using millisecond timestamps - Fixed DHCP default gateway occasionally not set after erase - Fixed RADIUSDownLocal authentication allowing local auth - Fixed pmshell menu for remotely authenticated users - Fixed HTTPS allowing weak ciphers - Fixed Tripp Lite SNMP RPC not probing outlets Release version 2.8.1 (October 5, 2009) - Added USB modem support on IMG4004-5 - Added scripts to add/modify/delete users from CLI - Fixed backup icon missing from CM41xx - Fixed multiple graphs locking up dashboard Update version 2.8.0u2 (August 21, 2009) - Added the ability to upload new SSL certificates - Added a Dashboard for Admin and Root users - Added PC card modem support - Added support for APC RPCs over SNMP - Fixed UPS queries/actions can be very slow - Fixed connection alerts not working for Network Hosts - Fixed chat scrips failing when connecting to Linux - Fixed tftp server requires reboot after configuration - Fixed tftp uploads to USB Update version 2.8.0u1 (July 8, 2009) - Fixed group visibility of outlets and host through UI - Fixed user visibility of managed devices through UI - Fixed EMD Summary display on the KCS - Fixed failing over to the Management LAN makes box uncontactable - Fixed DHCP server on the IM4216-2 - Fixed KCS6104 default local console - Fixed IM4216-2 failover not opening firewall - Fixed level 1 host logging - Fixed EMD dropdowns with blank serial port labels - Fixed NTP client with IPv6 NTP servers - Fixed "alias" missing from auto-generated Nagios server config - Fixed EMD and RPC off box logging - Fixed EMD and RPC log using non human-readable/Unix timestamp - Fixed already set up UPSes still showing in add UPS dropdown - Fixed SNMP community field displayed for serial RPCs - Fixed deleted UPS, RPC, EMD & Host connections stay in Managed Devices - Fixed KCS61xx deleting and re-adding UPS requiring reboot - Fixed enviromon can only be run by root - Fixed KCS61xx IPMI custom config not saving in graphical control panel - Fixed 'Backup' button displaying for unprivileged users - Fixed alarm Sensor SNMP alert requiring reboot to reset - Fixed UPS shut down behaviour on low battery - Fixed CM4001 network RPC and UPS sensor graph - Fixed network RPC -> Log Connections not being set - Fixed RPC driver not stopping when RPC Connection is deleted - Fixed KCS61xx embedded VNC client doesn't show the taskbar - Fixed NTP running after reboot when NTP is disabled - Fixed KCS61xx default system name - Fixed NUT extra driver zip and tar files distribution - Fixed connecting to serial by port number after upgrading Release version 2.8.0 (June 11, 2009) - Added wireless network support - Added ability to run a custom script after any configurator runs - Added remote and local USB configuration backup and restore - Added ability to set alternate user defined default configuration - Added network bridging capability - Added management, logging and alerting of UPSes connected via remote hosts - Added support for multiple email recipients per single alert - Fixed performance issues up when triggering many simultaneous alerts - Fixed excessive environmental logging when system time changes - Fixed HTML formatting of tabs and blank cells - Fixed erroneous appending and truncation of log files - Fixed Citrix ICA not launching on the KCS - Fixed Statistics -> Routes formatting - Fixed sensor graph not displaying for UPSes with spaces in their names - Fixed UPS power status email and SNMP alerts - Fixed nagios-plugins check_ups incompatibility with NUT Update version 2.7.1u1 (May 15, 2009) - Added environmental monitor support for the KCS61xx family - Fixed environmental SNMP alerts - Fixed changing system name not setting hostname Release version 2.7.0 (April 8, 2009) - Added per-user RPC outlet permissions - Added hot key power menu - Added RPC outlet alerts - Added support for SNMP RPCs - Added support to associate host, serial and power using Managed Devices - Fixed editing a networked RPC causes it to be removed - Fixed editing network hosts deletes all networked RPCs - Fixed environmental monitor scheduling - Fixed host visibility through web UI - Fixed sensors stalling when a EMD/RPC/UPS doesn't respond - Fixed RPC/UPS logs page taking too long to display - Fixed port labels not displayed on the users page - Fixed newly added Powerman-controlled RPC startup - Fixed uncontactable sensor logs variable as 0 - Fixed incorrect SMTP settings causes email alerts to retry forever - Fixed web UI default SSL certificate needs updating - Fixed Nagios configurator always re-runs firewall rules - Fixed firmware upgrading CGI doesn't display footer properly - Fixed Manage -> Power buttons are displayed twice - Fixed tabs needed for Network, Serial, Power under Manage -> Devices - Fixed firmware upgrade page shows "Unknown" in page heading Update version 2.6.1u2 (February 27, 2009) - Fixed short host logs not being displayed - Fixed UPS log multiple status formatting - Fixed Powerman-controlled RPC outlet offset - Fixed switch monitor and VLAN tool file permissions Update version 2.6.1u1 (February 12, 2009) - Fixed environmental page adding unnecessary dry contact alarm config - Fixed environmental alerts require logging to trigger - Fixed no environmental status until logs first written - Fixed environmental alert counter not counting alarms - Fixed EMD names with spaces being allowed - Fixed multiple NTP daemons running at once - Fixed name of ifup script to reflect multiple network interfaces - Fixed link to DHCP server not displayed on IM4216-2 - Fixed timezone incorrect after reboot - Fixed bogus error message after upgrading and clicking logo - Fixed several UI wording fix ups Release version 2.6.1 (January 20, 2009) - Added unauthenticated telnet access for serial ports - Added port logs with 1/100th second timestamp - Fixed network switching problem on large networks - Fixed interface failover alerts (manual config only) - Fixed firewall rules run multiple time when failed over Update version 2.6.0u1 (December 19, 2008) - Fixed environmental status alert formatting - Fixed editing users when no hosts are enabled - Fixed emails addresses with dashes being rejected as invalid Update version 2.6.0 (December 14, 2008) - Added support for Baytech IPDUs - Added support for SNMP/XML network UPSes - Added remote UPS log storage - Added RPC Connections GUI - Added SMS via email gateway alert method - Added environmental monitor support - Added environmental, UPS and RPC log graphing - Added simplified cascading setup - Fixed maximum SSH sessions dropping below 48 - Fixed pmshell slow start up time - Fixed upgrading from 2.2.3 reverting to DHCP client mode - Fixed UPS services not restarting when DHCP address changes - Fixed UPS Connections under System menu instead of Serial & Network - Fixed GUI becomes slow with many users and ports - Fixed group accessible hosts not retrievable by SDT Connector Release version 2.5.1 (January 30, 2009) - Added unauthenticated telnet access for serial ports - Added environmental monitor support - Added port logs with 1/100th second timestamp - Fixed timezone incorrect after reboot Update version 2.5.0u3 (September 24, 2008) - Unable to add more than 4 users via remote authentication - Unable to access more than 10 cascaded serial ports per slave simultaneously Update version 2.5.0u2 (September 4, 2008) - Added support for the KCS61xx family Update version 2.5.0u1 (August 15, 2008) - Fixed menu issue with group permissions - Fixed RAW mode issue with IPv6 - Fixed memory leak in portmanager - Fixed trusted Networks issue with IPv6 - Fixed frame in a frame bug triggered by cascading Release version 2.5.0 (July 25, 2008) - Added IPv6 support - Updated Management Console GUI look and feel - Improved network status page - Automatically insert equals between UPS driver option and argument - Fixes for adding and removing users from groups - Fix network settings migration from 2.3.x - Fix for enabling monitored UPS - Updated network page nomenclature Update version 2.4.2u1 (June 25, 2008) - Brought LDAP in line with RADIUS and TACACS off-box authentication - Fixed UPS alerts page wording - Fixed USB options being available on CM41xx GUI Release version 2.4.2 (June 23, 2008) - Added off-box authentication using RADIUS and TACACS - Added UPS management and monitoring network services - Added UPS integration into SDT for Nagios - Added graphical UPS status monitoring - Added UPS status logging - Added UPS alert mode - Added option to restrict serial access to one user at a time - Fixes unnecessary USB debug messages being displayed - Fixes cascade connections to remote ports droped on reconfigure - Fixes IMG4004-5 low-speed USB device detection Release version 2.4.1 (May 7, 2008) - Added serial port clustering/cascading support - Added SDT for Nagios support - Added Nagios alert method - Added Nagios host alive checks - Added alerts support for multiple SNMP servers - Added SDT Connector option to Manage: Terminal - Fixes Java terminal issues with Java 6 - Fixes not being able to add user and group with same names - Fixes Wireshark host log compability - Fixes issue adding many users - Fixes issue adding many network hosts on CM400x - Fixes overly restrictive PPP firewalling - Fixes Nagios host checks overwriting other hosts' checks - Fixes dial-in default route option not being set - Fixes DHCP server on IMG4004-5 - Fixes issue with Nagios names that are long or containing spaces - Fixes slow configuration loading speed issue - Fixes incorrect default Nagios address on IMG4004-5 - Fixes "Unknown" failover interface being listed on IMG4004-5 - Fixes user added alert scripts not being run - Fixes SDT SSH connection alerts not being triggered - Fixes Management LAN not including OOBFO port on IMG4216-25 - Fixes additional Nagios host checks not being applied - Fixes failover to internal modem - Fixes alerts on serial port numbers > 32 not being triggered on CM4148 Update version 2.3.1u3 (October 20, 2007) - Fixes Network Host logging format problem. - Fixes firewall incorrectly blocking traffic over modem and other PPP links. - Fixes CDK build problems. Update version 2.3.1u2 (October 16, 2007) - Added SSH & HTTPS capability into Cayee firmware Update version 2.3.1u1 (October 13, 2007) - Fixes DHCP client configuration migration issue. Release version 2.3.1 (October 1, 2007) - Added Nagios support enhancements. - Added Management LAN / OOB / Failover support for IM4216-25 switch - Added DHCP Server for Management LAN on IM42xx models - Added meaningful status reports for IP Power 9258 - Added APC PDU support to power system - Added Server Technology CDU support to power system - Added the ability to propagate Host descriptions to SDTConnector - Fixes adding multiple groups with the same name - Fixes IP Management Console page timing out - Fixes root not being permitted to SDT everywhere - Fixes admin members SDT privileges - Fixes Japanese Time Zone - Fixes Java SSH Terminal applet not correctly displaying the last line of text - Fixes non-root user connecting to Local Services via SDTConnector - Fixes Traceroute - Fixes broadcast address not being configured properly on interfaces - Fixes a bug where all serial ports were configured for SDTConnector Release version 2.2.3 (April 12, 2007) - Added Nagios support. - Added a serial console selection menu when connecting to portmanager. - Fixes 8 maximum connections to any particular TCP port. - Fixes USA daylight savings changes. - Fixes some malformed HTML in Management Console pages. - Fixes non-root access to portmanager. - Fixes group authorization privileges. - Fixes the portmanager login script for non-root users. - Fixes RFC-2217 server accepting subsequent connections. - Fixes configuration corruption when changing the system password. - Fixes SDT access for non-root users. - Fixes corruption of Group configuration when editing SDT hosts. - Fixes TACACS+ not being selectable from the Management Console. - Fixes cron updates needing a reboot to become active. - Fixes ping for non-root users. - Fixes IPMI for devices not requiring a username and/or password. - Fixes default escape character for portmanager sessions. - Fixes Management Console allowing blank passwords for non-local authorization - Fixes SNMP server not starting when enabled. - Fixes TFTP server not starting when enabled. Release version 2.2.2 (February 8, 2007) - Added SSH key upload capability to the Management Console - Added SSH support to RFC-2217 & Raw TCP serial tunnel clients. - Fixes a problem where innitab entries were being truncated. - Fixes having to reboot before portmanager picks up new accumulation periods. - Fixes spurious data being transmitted over Raw TCP tunnel on reconnect. Release version 2.2.1 (November 20, 2006) - Added Network Host session connection and traffic logging. - Added Network Host connection alerts. - Added UDP services to SDT Network Hosts - Added customizable TCP/UDP services to SDT hosts. - Added group based authentication for consoles. - Added support for IPMI capable network devices. - Added non-root access to local system shell. - Added Terminal Server support via the Management Console (getty configuration) - Added Management Console support for LDAP BINDDN and BINDDN password. - Added Rose UltraPower board support. - Added a command line tool to perform power cycling with. - Added an RFC-2217 client. - Added scriptable console login banner. - Added RS422 option in the Management Console (as well as RS485) - Added IP Failover for the IM42xx. - Added USB Flash Drive logging for the IM42xx. - Added Internal Modem configuration for the IM42xx. - Added TFTP Server for the use with the USB Flash drive on the IM42xx. - Added more system details per Management Console page. - Fixes a problem with TACACS+ support. - Fixes a problem with LDAPS support. - Fixes a problem where mgetty log was filling up temporary file system. - Turn off insecure services such as HTTP & Telnet by default. Update version 2.1.0u7 (November 1, 2006) - Added preconfigured support for IP Power 9258 power strips. Update version 2.1.0u1 (May 9, 2006) - Fixes a problem where 2.1.0 was unable to set 2-Wire (half-duplex) RS485 signaling correctly. Release version 2.1.0 (March 23, 2006) - Added the ability to send SNMP & SMTP alerts/traps based on login/logout, serial signal changes & text pattern match events. - Added tailoring of facility / level for syslog on each console. - Added the ability to add access to all ports for a user with one click. - Added an SSH terminal applet for connecting to a console via the UI. - Added the ability to customize escape character for pmshell. - Added the ability to override default inetd settings. - Added support for RFC-2217 to use the local port settings. Release version 2.0.9 (December 12, 2005) - Added media-independent interface configuration for networking. - Added access to portmanager via TCP port 22 using the following methods: - SSH to username:port02@opengear.address - SSH to username:serial@opengear.address for a port selection option. - Added the ability to change the TCP port base for serial port access. - Added support for CM4002 local console mode toggling. Release version 2.0.8 (November 18, 2005) - Added Secure Desktop Tunnelling for remote VNC / RDP / Citrix access. - Added a mechanism for editing multiple serial ports characteristics siultaneously. - Added the ability to view serial port history via pmshell commands. - Added a "System Location" field to the Management Console. - Added slow baud rate support to the Serial Port Manager. - Email alerts no longer need a configured DNS environment to send mails. Release version 2.0.6 (August 2, 2005) - Added the ability to set IP via ARP - Added place for users to hook in startup items - Turned off the "Connected to portXX" message - Changed dialin support to use mgetty - Updated console driver to support TIOCMBIC - Increased available memory footprint in CM41xx (was only reporting having 32M RAM) and this was limiting 4148 to 30 concurrent ssh connections - Updated passwords protection so they are not stored in plain text in the XML configuratiion - Fixed problem with UI syslog output not escaping HTML characters - Fiixed a modem answering but not connecting problem - Changed UI in: "Serial Port->Users" to provide a summary view of User configuration "Alerts & Logging->Serial Port Log" where system log page refered to "NFS Server" "Administration->Date & Time" to reposition timezone form and fix system time display "Network->Dial-In" to allow user-specified init script for modems Update version 2.0.4u1 (July 7, 2005) - Fixed remote logging via CIFS (windows file sharing) which now formats data in an MS Windows compatible format. Release version 2.0.4 (July 2, 2005) - Added user labeling for serial ports. - Added a serial port log buffer display to the Management Console. - Changed the default flow control for external ports from hardware to none. - Changed the Management Console "Statistics" sub-menu to "Status". - Fixed a permissions problem with non-root users performing SSH public key authentication. - Fixed a defect with serial port diagnostic software interactng with the Port Manager service. - Fixed dial-in user-interface so secret file could never contain a blank secret. - Fixed dial-in user-interface configuration of the PPP daemon for software flow control. - Fixed a defect in the Port Manager service which was incorrectly denying access to serial ports 33 - 48 on the CM4148. - Fixed serial port log buffering to only store TX log for serial ports it is configured to.