ePipe Pty Ltd Software Release Note ===================== ============================================================================== 2000 Family Flash Firmware Release Note ============================================================================== The latest Flash upgradable firmware updates the ePipe gateways with all of the latest feature additions and bug fixes. These firmware updates are suitable for all ePipe gateways in the 2000 Family. NOTE: There are currently different firmware images for the ePipe 2100 Series and the ePipe 2200 Series. Please ensure you select the correct image. Use the "SHOW SERVER" command to verify the model of ePipe. CONTENTS ======== 1. General 2. Release History _______________________________________________________________________________ 1. General =========== 1.x firmware is compatible with all currently shipping 2000 family units. NOTE: There are currently different firmware images for the 2100 Series and the 2200 Series. Please ensure you select the correct image. Use the "SHOW SERVER" command to verify the model of your gateway. Media Format ------------ The Firmware is delivered in executable and binary file formats. The executable (.exe) is a Windows 95/98/NT/2000 executable file that will prompt you to update a gateway situated on the same network. The binary file is designed to be downloaded to a 2000 series gateway from a TFTP server on the same network. _______________________________________________________________________________ 2. Release History =================== ============== Firmware 2.3.0 ============== Date 28 February, 2002 Ver 2.3.0 Prev 1.0.9 Description of Release ---------------------- This is a general release of the ePipe firmware, but only for the 2200 models, ie the 2202 and 2242. NOTE: There are currently different firmware images for the 2100 Series and the 2200 Series. Please ensure you select the correct image. Use the "SHOW SERVER" command to verify the model of ePipe. Compatibility ------------- This firmware release is compatible with: ePipe 2202 ePipe 2242 New Features and Changes ------------------------ * ** SPECIAL ** Limited SSV/SRA Tunnels for FREE * Automatic fail-over to multiple backup links (modems, ISDN, ADSL) * Support for new AES encryption standard * Support for IKE (Internet Key Exchange) (ePipe 22xx only) * Improvements to the DHCP server * Improved filtering to enhance security * Improvements to the look and feel of the ePipe Management Assistant * Upgrade of embedded operating system to OpenBSD 2.9 * Time based Links * NAT support for E2B-IPSec tunnels Bugs Fixed ---------- 3631 Serial RX lockup on epipe-2000 units 3215 default route across E2B tunnel doesn't work 3507 IKE tunnels with "custom" crypto suites do not work 3534 Creating IKE tunnel causes DOD bundle to be disabled 3539 IKE tunnel with custom crypto cannot use SHA1 auth 3559 Certain ePipe error messages (185, 186) do not work properly 3102 ePipe gui gives poor bandwidth defaults when adding link 3204 Problems with changing links in a bundle 'live' 3331 Enabling a bundle restarts other bundles disabled by retries 3364 filter rules created by GUI are very weak 3654 TFTP filename truncated to 32 characters 2847 ePipe On-line Help Changes 2965 Link or Port config changes may require special intervention 3417 No syntax checking on nameserver names 3434 E2B 'None' encrypt/auth selection causes a warning 3484 E2B loopback route not added routing table on tunnel close 3508 RAW_STATs -> BUNDLES reports incorrect VPN throughput 3546 Can't add DNS servers in static IPoE configuration 3789 Support -> Contacts page still lists German office 3801 passive ftp via I2B fails if Ethernet 1 DOD is toggled on multiple ethernet unit 3470 ePipe GUI still allows setting I2B on Ethernet 1 3250 Doing CONNECT LOCAL PORT n does not connect first time 3777 Command in a tutorial not actually available ============== Firmware 1.0.9 ============== Date 13 June 2001 Ver 1.0.9 Prev 1.0.8 Description of Release ---------------------- This is a general release of the ePipe firmware and supports all existing 2000 models. This release is a bug fix release only. NOTE: There are currently different firmware images for the 2100 Series and the 2200 Series. Please ensure you select the correct image. Use the "SHOW SERVER" command to verify the model of ePipe. Compatibility ------------- This firmware release is compatible with: ePipe 2148 ePipe 2188 ePipe 2181 ePipe 2202 ePipe 2242 New Features and Changes ------------------------ . There used to be code in the ePipe routing daemon to make E2B vpns look like the least cost route to any destination the VPN was connected to. This was in there to assist directly connected ePipes with a VPN just used for bonding. The code has been removed, so the client PPP links used to connect the two ePipes will need to have filters to block RIP traffic across them, so the VPN looks like the only route to the remote destination. (Otherwise, the PPP links and the VPN would be the same cost, and traffic would not be bonded). . A hard coded filter blocking RIP across the VPN was also removed. In addition to changes to the E2B transport mechanism, this means that routes to LAN segments attached to the ePipes at either end of a VPN will now be updated automatically. Bugs Fixed ---------- 2829 ePipe pppd fails connect if remote ppp starts after ePipe 3009 MD5 authentication doesnt work when used with encryption 3261 ePipe I2B service may crash system when any link goes down 3263 ePipe may crash when E2B VPN comes down 3264 monitor commands using the CLI display unnecessary text 3218 DHCP lease renewal on BPA causes link and VPN bundle to disconnect 3291 ePipe PPPoE does not work with PPP protocol compression 3293 NAT rules are sometimes not deleted 3295 ePipe may continue to use stale routes 3309 ePipe may hang when E2B tunnel goes down 3327 deletes routes for active VPN 3333 backspace does not work in ePipe cli ============== Firmware 1.0.8 ============== Date 13 March 2001 Ver 1.0.8 Prev 1.0.7 Description of Release ---------------------- This is a general release of the firmware and supports all existing models. This release is a bug fix release only. NOTE: As this release was made shortly after 1.0.7, it is recommended that the 1.0.7 release information (below) be reviewed in conjuncion with this release. NOTE: There are currently different firmware images for the ePipe 2100 Series and the 2200 Series. Please ensure you select the correct image. Use the "SHOW SERVER" command to verify the model of ePipe. Compatibility ------------- This firmware release is compatible with: ePipe 2148 ePipe 2188 ePipe 2181 ePipe 2202 ePipe 2242 Special Note RE: Firmware Compatibility --------------------------------------- Units with 1.0.7 or later lower firmware images are now unable to be downgraded to 1.0.6 or earlier. ePipe has a lower firmware image (or boot image) and an upper firmware image (normally called the "firmware"). ePipe only releases upper images to customers. Lower images are installed during manufacturing and are not normally upgraded in the field. Units shipping from the factory with the 1.0.7 or later lower image, which will be all units shipped with a firmware version of 1.0.7 or later, will not be able to be downgraded to 1.0.6 or ealier. New Features and Changes ------------------------ - Bug fixes only. See the list below. Bugs Fixed ---------- 3197 - VPN's cause excessive CPU loading in 1.0.7 3211 - Routes for point to point links are not being broadcast via RIP 3212 - Modify Tunnel wizard shows wrong VPN Tunnel Manager screen ============== Firmware 1.0.7 ============== Date 26 February 2001 Ver 1.0.7 Prev 1.0.6 Description of Release ---------------------- This is a general release of the firmware and supports all existing models. This release introduces new features, including DHCP Server and time/day based filter rules, improvements in the GUI and performance, as well as bug fixes. NOTE: There are currently different firmware images for the ePipe 2100 Series and the ePipe 2200 Series. Please ensure you select the correct image. Use the "SHOW SERVER" command to verify the model of ePipe. Compatibility ------------- This firmware release is compatible with: ePipe 2148 ePipe 2188 ePipe 2181 ePipe 2202 ePipe 2242 DHCP Server has been Successfully tested against the following clients: Windows ME Windows 98 Second Edition Windows 2000 Server Win NT 4.0 Win NT 3.51 Win 95 Win 95 OSR2 Win 95 OSR2 + DUN1.2 Win 95 OSR2 + DUN1.3 (With or without Service Pack 1) Whistler (next release of Windows 2000) Linux ISC ePipe (Ethernet 1 only) Special Note RE: Firmware Compatibility --------------------------------------- Units with 1.0.7 lower images are now unable to be downgraded to 1.0.6 or earlier. ePipe has a lower firmware image (or boot image) and an upper firmware image (normally called the "firmware"). ePipe only releases upper images to customers. Lower images are installed during manufacturing and are not normally upgraded in the field. Units shipping from the factory with the 1.0.7 or later lower image, which will be all units shipped with a firmware version of 1.0.7 or later, will not be able to be downgraded to 1.0.6 or ealier. New Features and Changes ------------------------ - Time Based Filter Rules. - DHCP Server. - Support for RFC 2217 and DialOut EZ (from Tactical Software, www.tacticalsoftware.com) - Enhancements to boot code. - Modifications to tftp download system. - Enhancements to PPTP status information and session control. - Virtual links and virtual bundles (both used by E2B VPN tunnels) are no longer shown in the GUI. - Improvements to I2B load balancing and detection of link state. - There are now GUI facilities for IPoE Links to be allocated a static IP address, subnet mask and default gateway to Ethernet port 2. - Various bug fixes. Documentation Changes --------------------- - New or modified CLI commands are as follows: LOGOUT PPTP { ID [number] USER [username] } SHOW INTERNET PPTP { CHARACTERISTICS STATUS } CHANGE DIALER [dialer name] PROTOCOL DHCP { LOCAL ADDRESS [IP address] REMOTE ADDRESS [IP address] SUBNET MASK [mask] MTU [mtu size] NAT { ENABLED DISABLED } CHAP { ENABLED DISABLED RECHALLENGE INTERVAL RETRY COUNT } COMPRESSION { ENABLED DISABLED } CHARACTER MAP [character map] DEFAULT ROUTE { ENABLED DISABLED } FIXED IP { ENABLED DISABLED } } CHANGE INTERNET DHCP SERVER { ENABLED DISABLED IPPOOL { [pool name] NONE } LEASE TIME [value] CLIENT { ETHERNET [ethernet address] ADDR [inet addr] LEASE DURATION [seconds] STATE { OFFERED CURRENT PREVIOUS } } } - MD5 authentication has been removed from the "CHANGE INTERNET E2B" command and from the GUI. - Filter rule syntax has been expanded to include the keywords "time" and "day". Time of Day Filter Rule Details ------------------------------- Rules which only apply at certain times of the day and/or on particular days of the week. The time based filter rules can be appended to a standard filter rule as follows. A standard rule which would allow all outgoing http traffic looks like: tcp tx tcp_dport=http accept 0 tcp rx tcp_sport=http accept 0 If the rule was to be restricted so that it only applied in between the hours of 9:00am and 5:00pm it would become: tcp tx tcp_dport=http time>=9:00 time<=17:00 accept 0 tcp rx tcp_sport=http time>=9:00 time<=17:00 accept 0 NOTE: All time is to be represented in 24 hour notation. Similarly if the above rule was only applicable between Monday and Friday during a week the following conditions would be added to each rule: day>=monday day<=friday NOTE: sunday = 0, monday = 1, tuesday = 2, wednesday = 3, thursday = 4, friday = 5, saturday = 6. Traffic will be accepted if all conditions in any one of the specified rules are met. Due to the linear values of days and time more rules may be needed to specify a time period if it bridges boundary conditions. If for example a rule was required to perform an action on traffic between the days of Friday and Tuesday (Friday, Saturday, Sunday, Monday, Tuesday) the above rule would look like: tcp tx tcp_dport=http day>=friday accept 0 tcp tx tcp_dport=http day<=tuesday accept 0 tcp rx tcp_sport=http day>=friday accept 0 tcp rx tcp_sport=http day<=tuesday accept 0 This would be similar for times of the day which span boundary conditions. Bugs Fixed ---------- 2895 - Firmware Upgrade page BACK button goes to the wrong place 2920 - ALL outgoing ftp fails when bidirectional ftp filter enabled 2945 - SHOW PORT n STATUS command shows status Idle when PPP is active 2996 - Can't change dialout connection authentication protocol 3000 - SHOW DIALERS command doesn't show authentication information 3003 - Association between filter and tunnel is lost when modifying tunnel 3007 - Software flow control doesnt work properly on the ePipe 3014 - ePipe name resolution of internal hosts does not work 3021 - ePipe GUI allows "next" when no check box selected 3026 - v1.0.4 ePipe only allows one link in an E2B connection from a client 3039 - bundles don't respect bandwidth timebases when toggled off and on 3046 - E2B gateways not removed when VPN deleted in GUI 3053 - IPoE links not associated with correct port on 2202 models 3054 - SPI's greater than 2147483647 are invalid but no error is reported 3057 - Cannot see who is connected via PPTP 3061 - Cannot remove PPPoE link Service Name in GUI 3067 - Existing PPPoE link IP Addresses aren't displayed in GUI when modifying link 3071 - Cannot change PPP/PPPoE link IP Address allocation back to dynamic 3076 - empty filter (deny all) doesn't live past reboots 3081 - Cannot add static route to ePipe routing table for some destinations 3082 - ePipe cannot receive RIP updates over point-to-point link 3083 - CLEAR INTERNET GATEWAY E2B does not clear route from active routes 3084 - Static route not added to routing table when PPP link connects 3085 - Route from disabled tunnel appears in routing table 3095 - DNS proxy dies if upstream DNS server refuses connections 3097 - Changing a PPPoE/IPoE link via Advanced > Bundle shows dialup link page 3099 - ePipe GUI does not enable I2B on links created after bundle creation 3109 - Ethernet counters are all zero in SHOW SERVER COUNTERS 3110 - Some FTP and HTTPS sites cannot be accessed via PPPoE link 3115 - telnetd is losing 0xFF on transmission 3131 - Control-C during ping in telnet or console hangs ePipe 3132 - Cannot edit 'specify IP address' from ISP fields after link is created 3145 - PPP DCS connections using PAP assign incorrect remote IP address 3146 - CHAP and Compression not enabled when mask is not default 3153 - 255.255.255.255 subnet mask rejected when specifying IP address for link 3155 - ePipe panics when dial in occurs on PPP Server port 3159 - "upgrade flash image" page in GUI allows blank fields 3163 - Blank DNS server name in GUI is accepted but config fails 3181 - A small window exists where epipe cofiguration may be lost Suggestions added ----------------- 2943 - Add current date and time to ePipe Support Report 3185 - Fixed IP address not required when configuring the server end of a VPN tunnel ==================== ePipe Firmware 1.0.6 ==================== Date 13 November 2000 Ver 1.0.6 Prev 1.0.4 Note: Version 1.0.5 was never publicly released. Description of Release ---------------------- This is a general release of the ePipe firmware and supports all existing ePipe models. This release introduces support for PPPoE which is required for connecting 2200 series models to ADSL. NOTE: There are currently different firmware images for the ePipe 2100 Series and the ePipe 2200 Series. Please ensure you select the correct image. Use the "SHOW SERVER" command to verify the model of ePipe. Compatibility ------------- This firmware release is compatible with: ePipe 2148 ePipe 2188 ePipe 2181 ePipe 2202 ePipe 2242 New Features and Changes ------------------------ - Support for ADSL with the addition of PPPoE. - Minor improvements to the ePipe Management Assistant (web-based GUI) - I2B load balancing improvements - Unexpected ePipe hanging problem fixed (2100 series models). - Various bug fixes Bugs Fixed ---------- 2995 - SIA connections will default to PAP 2997 - SIA CHAP authentication fails due to peer authentication 3005 - Under some conditions I2B doesn't load balance very well 3008 - Incoming PPP not setup correctly through DCS wizard in GUI 3017 - ePipe login with a bad user name gives too much info in error 3023 - Cannot select no NAT or no filter in GUI when NAT rule set or filter exists 3044 - proxy ports displayed incorrectly in "show internet nat" 3072 - Can't disable Default Route on Links via the GUI ==================== ePipe Firmware 1.0.4 ==================== Date 25 August 2000 Ver 1.0.4 Prev 1.0.3 Description of Release ---------------------- This is a general release of the ePipe firmware and supports all existing ePipe models. The overall objective of this ePipe firmware release is to include support for the ePipe-2202 and ePipe-2242 models by adding IPoE* link support for cable modems , add I2B support for multiple TCP protocols, add User Interface support for incoming NAT redirection and incorporate the latest bug fixes. Continuing work on making the Web configuration easier was also performed. * IPoE = IP over Ethernet. Provides DHCP functionality to the 2nd Ethernet port for connecting the port to cable modems. NOTE: There are currently different firmware images for the ePipe 2100 Series and the ePipe 2200 Series. Please ensure you select the correct image. Use the "SHOW SERVER" command to verify the model of ePipe. Compatibility ------------- This firmware release is compatible with: ePipe 2148 ePipe 2188 ePipe 2181 ePipe 2202 ePipe 2242 ePipe 21xx firmware version 1.0.4 is compatible with all existing 2100 Series units and may be loaded into existing 21xx units with either 1.0.1, 1.0.3 (or later beta) firmware. ePipe 22xx firmware version 1.0.4 is a new firmware image and is only compatible with 2200 Series ePipes. New features and changes: - Support for 22xx models. - Firmware now split for 21xx and 22xx models. - 22xx models now have 2MB of flash, while 21xx models have 1MB of flash. - IPoE for 22xx models added. - I2B support for multiple protocols added (not just HTTP). - User Interface support for incoming NAT redirection added. - Ability to not have outgoing NAT. - Dialup Links, IPoE Links and PPPoE links replace dialers. Simply a terminology change. - Additional 'pre-canned' protocols added to the filters wizard. Bugs Fixed ---------- 2516 - Removing account 'all' removes all accounts in ePipe 2630 - ePipe web config won't set AT commands with "&" 2887 - DCS Incoming PPP wizard needs to set port access to dynamic 2915 - cannot clear internet nat entries in ePipe 1.0.3 2916 - Problems with unidirectional flow control 2917 - Anyone can get command line access when RADIUS fallback on 2923 - Executing TFTP config file loses dialer chat script 2939 - PPTP connections stay established after client disconnect 2941 - access local instead of dynamic on DCS Incoming PPP ports 2944 - time since zeroed is corrupt for 'show server counters' 2948 - VPN SPI field allows alpha characters not just numeric 2954 - NONE gets printed on console on 'show internet i2b' 2968 - setting privilege on accounts not saved across reboots 2973 - ePipe GUI suggested encryption key lengths are too short 2977 - Back/Next/Cancel buttons in GUI have inconsistant spacing 2988 - epipe flash upgrade via UI refreshes too soon ==================== ePipe Firmware 1.0.3 ==================== Date 23 June 2000 Ver 1.0.3 Prev 1.0.1 Note: Version 1.0.2 was never released. v1.0.3 superceded v1.0.2. Characteristics --------------- Description of Release: This is a general release of the ePipe firmware and supports all existing ePipe models. Compatible with: ePipe 2148 ePipe 2188 ePipe 2181 ePipe 2202 ePipe 2242 New features and changes: Network Address Translation Feature Changes ------------------------------------------- Ability to add NAT rules to DOD (bundle) setups. This is done in a way very similar to filters: CHANGE/SET/DEFINE INTERNET DOD dodname NAT natname CHANGE/SET/DEFINE INTERNET DOD dodname NAT none CHANGE/SET/DEFINE INTERNET NAT natname ENTRY X RULE "..." CHANGE/SET/DEFINE INTERNET NAT natname INSERT X RULE "..." CLEAR/PURGE INTERNET NAT natname ALL CLEAR/PURGE INTERNET NAT natname ENTRY X IPNAT ... The help page for IPNAT contains a lot of information on NAT rules (HELP IPNAT) but this information is raw and should only be used as a reference for writing the rules for the commands above. All NAT rules required an interface. When entered using "CHANGE INTERNET" the user should place a %s where ever they need the interface to appear. For example, to place normal outgoing NAT on an ethernet interface: CHANGE INTERNET NAT lannat ENTRY 1 RULE "map %s 0.0.0.0/0 -> %s/32" CHANGE INTERNET DOD lan1 DIALER 1 ETHERNET 1 CHANGE INTERNET DOD lan1 NAT lannat Some troublesome protocols require explicit support from the NAT subsystem (the one most commonly encountered is FTP). An example NAT configuration which will support general NAT as above plus FTP proxy mapping: CHANGE INTERNET NAT lannat ENTRY 1 RULE "map %s 0.0.0.0/0 -> %s/32 proxy port ftp ftp/tcp" CHANGE INTERNET NAT lannat ENTRY 2 RULE "map %s 0.0.0.0/0 -> %s/32" CHANGE INTERNET DOD lan1 DIALER 1 ETHERNET 1 CHANGE INTERNET DOD lan1 NAT lannat NAT can also be used to redirect incoming connections to another (internal) host. Note, pay attention to your filter rules, as the incoming traffic must be permitted by the filters. For example, to tunnel external WWW connections to an internal host (here 192.168.80.80), add a redirect rule to the above: CHANGE INTERNET NAT lannat INSERT ENTRY 1 RULE "rdr %s 0.0.0.0/0 port 80 -> 192.168.80.80 port 80" Note: Currently these features are not available for use in the web interface. Bugs Fixed ---------- 2892 - HTTP may listen on incorrect port 2516 - Removing account 'all' removes all accounts in ePipe 2630 - ePipe web config won't set AT commands with "&" 2832 - Error when user picks find ePipe/ESII 2833 - efind utility defaults IP addresses when it shouldn't 2835 - No initial default route installed for DOD setup 2836 - hitting 'Enter' on feature activation page returns error 2837 - empty search term results in confusing results on search 2838 - Port not configured in GUI advanced dialer creation 2843 - Modifying filters can hang the server 2845 - Wrong model id on 4 port units 2851 - Extend/Truport will not work with v1.0.1 ePipe 2857 - Dialer IP addresses are not committing through GUI wizard 2858 - Bundle manager creates a DOD filter called 'No Filter' 2860 - port 2001 unusable for telnet listener when set through web 2861 - Connection Bundle manager settings don't commit on exit 2862 - purge internet gateway returns error and gateway not purged 2863 - Bandwidth form doesn't work properly when editing a DOD 2869 - Deleting a slave DOD via GUI doesn't remove it 2872 - E2Bs DOD not changed when leaving via summary page button 2873 - When editing VPNs, master DOD may be selected as slave. 2876 - Dialer Manager Table shows E2B dialers as able to use por 2877 - ePipe NAT FTP proxy doesn't work 2878 - Disabling individual DOD dialers doesn't work 2881 - Cancel button from Incoming PPP wizard doesn't work. 2882 - VPN manager links to DODs dont lead where expected 2885 - Cancel button from advanced create new DOD doesn't work ==================== ePipe Firmware 1.0.1 ==================== Date 5 October 98 Ver 1.0.1 Prev None Characteristics --------------- Description of Release: This is the initial or first release of the ePipe firmware. Compatible with: ePipe 2148 and 2188. _______________________________________________________________________________ [END]