Conel released new firmware, and it is a major release. For the full release notes, please download the PDF below.
Here is my hand-picked selection of news from this firmware release.
Important:
Due to a (fixed) bug in the firewall when the WAN device is part of a bridged interface, caution should be taken when upgrading under the following condition:
Condition:
When WAN device was part of a bridged interface, access to that WAN device (https, ssh) was always granted regardless of configuration.
Problem:
If this is your configuration, chances are that you are not aware of it, so the unwanted effect of the bridge firewall fix may render the router inaccessible.
Recommended Action:
Enable access to the web and ssh services before upgrading if you want to retain the behavior (access to the WAN interface).
Added CSRF attack protection
All Conel routers were exploitable via the CSRF vulnerability, so CSRF attack protection has been added. A CSRF (cross-site request forgery) attack is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Added support of 4 OpenVPN tunnels
It is now possible to configure (and create) up to four different OpenVPN tunnels. The previous FW supported only two different OpenVPN tunnels.
Fixed starting IPsec tunnels under heavy load
Starting IPsec tunnels under heavy load was problematic. This is now fixed and working properly.
Added support of bridge in backup routes
Since FW 5.3.0, bard (the daemon responsible for Backup Routes management) supports Default Gateway and DNS on bridged interfaces (e.g. eth0 + eth1).
Upgraded program OpenVPN to version 2.3.8
The Linux OpenVPN implementation was upgraded to a higher version.
Upgraded program Openswan to version 2.6.43.1
Openswan – an IPsec implementation for Linux – was upgraded to a higher version. It has support for most of the extensions (RFC + IETF drafts) related to IPsec, X.509 Digital Certificates, NAT Traversal, and many others.
Added support of multiuser access
Multiuser access is now supported. It is possible to define two different roles for new users (Admin and User). The router web interface contains a Users page in the Administration part of the main menu for managing user accounts.
Added support of DHCP server on all LAN ports
LAN configuration was divided per interface, which means that there are separate forms for Primary LAN, Secondary LAN and Tertiary LAN. Consequently, the DHCP server is supported on all LAN ports.
Upgraded program Net-SNMP to version 5.7.3
Net-SNMP – a suite of software for using and deploying the SNMP protocol (v1, v2c and v3) – was upgraded to a higher version.