Legacy Open Mesh: Access Point firmware release notes

Topic

This article lists Open Mesh access point firmware release notes.

Environment

  • Open Mesh Access Points

Description

Latest releases are Datto Networking's newest software updates and features available for beta testing. Stable releases are firmware versions that Datto has tested after one release cycle, or after Datto performs testing and validation. All firmware versions lower than the Stable releases become Previous releases.

Latest Release

Release 2019-10-30

Version 6.5.3

Improvements:

  • Improved reliability of Presence Analytics

Bug Fixes:

  • Resolved an issue that could cause an access point's status LED to stay white for long periods of time.
  • Resolved an issue that prevented users from disabling legacy data rate support
  • Resolved an issue that could cause an access point to reboot
  • Resolved an issue that could prevent splash pages from functioning

Vulnerability Fixes:

  • Updated the Linux kernel to address the TCP Sack Panic vulnerabilities (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)
  • Updated OpenSSL to address CVE-2019-1559

Release 2019-05-15

Version 6.5.2

New Features and Improvements:

  • Resolved multiple issues with 802.11r functionality, resulting in improved behavior for some client devices

Bug Fixes

  • Resolved an issue where some access points would consistently show missed check-ins
  • Fixed an issue where wired clients traffic stats were inaccurate
  • Resolved an issue where WiFi scheduling events could occasionally cause DNS resolution to fail (Resolves known issue in 6.5.1 release: WiFi Scheduling events may halt DNS functionality on access points. As a workaround, disable WiFi Scheduling or flash your access point to firmware version 6.4 if the feature is required)
  • Resolved an issue where AP62s could go offline due to a radio configuration problem after being moved to a network in a different country. (Resolves known issue in 6.5.1 release: When moving an AP62 to a network in a different country, the access point may go offline due to a radio configuration problem, requiring a pinhole reset. Refer to What does the reset pinhole on my access point or switch do?)
  • Fixed an issue in which DNS Intercept would not work without the Alternate DNS setting if multiple SSIDs are bridged
  • Resolved an issue where users would be unable to use the logout page when in a splash page's Free Access mode, receiving a "Logout is not possible" error
  • Resolved an issue where Alternate DNS settings were malformed when the Bridge to VLAN setting was used
  • Fixed an issue where switching between the gateway to repeater modes would occasionally cause DNS resolution to fail
  • Fixed an issue where reconfiguring an AP could rarely cause it to get into a bad state where DNS resolution would fail
  • Resolved an issue where RADIUS authentication requests were configured used the incorrect port by default
  • Resolved an issue where check-in would fail if DNS resolution failed (Resolved the known issue in the 6.5.1 release: Access points may crash if they cannot resolve their primary check-in server via DNS, and will not use the fallback server as a result. Afflicted access points will remain offline until DNS is functional again, or until you do a pinhole reset. Refer to What does the reset pinhole on my access point or switch do?)

Release 2018-11-07

Version 6.5.1

Bug Fixes

  • Resolved an issue where A62 access points in Europe failed to check-in

Known Issues

  • When moving an A62 to a network in a different country, the access point may go offline due to a radio configuration problem, requiring a pinhole reset. Refer to What does the reset pinhole on my access point or switch do?
  • WiFi Scheduling events cause DNS to stops working on the access point. Turn off WiFi scheduling or revert back to 6.4 firmware if you must use it
  • When the check-in process is unable to resolve domains via DNS, it will crash, preventing it from checking into fallback servers via IP address. Access point will remain offline until DNS is functional again or a pinhole reset is performed. Refer to What does the reset pinhole on my access point or switch do?

Release 2018-10-29

Version 6.5.0

New Features

  • Client Device Roaming: Added functionality to improve client roaming performance. For more information, see our Client Device Roaming article

Stable Release

Release 6.4.15 (Maintenance update, released as new stable on February 4th, 2019)

Bug Fixes:

  • Resolved an issue which could cause Access Points to check in every ten minutes instead of every five minutes
  • Resolved an issue in which the date defaulted to February 5, 2017 on first boot, causing check-in failure when NTP is broken

Vulnerability Fixes:

  • Update curl to address CVE-2018-16839 and CVE-2018-16842 on ng6.4.x

Known Issues:

  • DNS intercept does not work without Alternate DNS when multiple SSIDs are in a bridged state
  • The http://logout function does not work with Bridge to LAN enabled
Previous Development Releases

6.4.14 - 2018-09-26 - Released as stable on 2018-10-08

Version 6.4.14

Improvements:

  • Improved HTTP fallback handling when the primary server checkin fails.

Vulnerability Fixes:

  • Resolved an issue that impaired access point radio functionality for users in South Africa
  • Resolved an issue that generated false outage reports due to the checkin process crashing
  • Addressed mbedtls security fixes

Known Issues:

  • Hostname reported via syslog might report as "lede", instead of actual hostname
  • Using Backup IP address and Backup Port fields on [Configure > Advanced > Syslog Server] pane will suppress some syslog events
  • http://logout does not work after being pre-authenticated via RADIUS
  • CloudTrax may incorrectly report some clients as having a 169.x.x.x IP address
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1

Release 2018-09-04

Version 6.4.13

Improvements:

  • ntp.cloudtrax.com time server added
  • Updated CloudTrax HTTPS certificates

Bug Fixes:

  • DNS server may crash during reconfiguration
  • Radio may not honor Netherlands radio power limits
  • Firmware may not use fallback server, when checking in fails due to certificate expiration

Known Issues:

  • Hostname reported via syslog might report as "lede", instead of actual hostname
  • CloudTrax may incorrectly report some clients as having a 169.x.x.x IP address
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1

Release 2018-07-16

Version 6.4.11

Improvements:

  • Firmware will now track Snapchat traffic
  • Thermal monitoring to allow A42/A62 to throttle under rare cases where it could overheat

Bug Fixes:

  • AP may reboot due to erroneous healthcare checks or missing interfaces
  • Reduced memory usage on A42/A62
  • APs in some countries could not change channel settings
  • Disabling 5GHz in some countries would fail to work
  • Firmware upgrades could hang and not complete
  • MR1750 radio would fail to work when set to "outdoor" mode
  • Auto Channel Optimization may fail due to invalid scan results
  • Wireless repeaters were rebooting unnecessarily when losing mesh connectivity
  • Band Steering daemon remained running when not needed
  • 40MHz channel width could not be used on mesh interface
  • Roaming VLANs re-enabled after reboot, even when disabled
  • Improved A62 client transmit rate reporting

Known Issues:

  • Hostname reported via syslog might report as "lede", instead of actual hostname
  • CloudTrax may incorrectly report some clients as having a 169.x.x.x IP address.The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1.This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1

Release 2018-05-10

Version 6.4.8

Improvements:

  • All clients are reported when Application Reporting is enabled, even those with 0 bytes of transfer.

Bug Fixes

  • 5GHz Meshing always uses 80MHz channel width, regardless of CloudTrax channel width settings
  • Unblocked clients that were previously blocked via Manage -> Clients may remain blocked until reboot
  • WPA password may not work on SSIDs set to 2.4GHz or 5GHz only
  • Using Alternate DNS with external splash page may cause "Too many redirects" error

Known Issues:

  • Hostname reported via syslog might report as "lede", instead of actual hostname
  • CloudTrax may incorrectly report some clients as having a 169.x.x.x IP address
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off in CloudTrax.
  • Firmware upgrades are intermittently slow or sometimes fail
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1

Release 2018-04-11

Version 6.4.7

Improvements:
  • Allow external splash page pre-authentication to be turned off. GUI

Bug Fixes:

  • Enabling Band Steering may result in high processor load and/or client connection issues

Known Issues:

  • On the A62, the AP might not bring up the DNS server on boot, preventing it from serving clients or upgrading firmware
  • CloudTrax may incorrectly report some clients as having a 169.x.x.x IP address
  • WPA password may not work on SSIDs set to 2.4GHz or 5GHz only
  • Unblocked clients that were previously blocked via Manage -> Clients may remain blocked until reboot
  • 5Ghz Meshing always uses 80Mhz channel width, regardless of CloudTrax channel settings
  • Hostname reported via syslog might report as "lede", instead of actual hostname
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off in CloudTrax
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1

Release 2018-03-12

Version 6.4.6

New Features:

  • Remote syslog server support
  • Removed outdated crypto algorithms from SSH implementation

Bug Fixes:

  • Some clients may report being connected to the wrong band(e.g. 2.4Ghz instead of 5Ghz)
  • "2.4Ghz only" and "5Ghz only" band setting may not be honored if another SSID is set to use the "Both - Combined SSID". The AP may continue to broadcast both bands
  • Disabling Application Reporting breaks throttling on non-bridged SSIDs
  • Some wireless repeaters may report 0 hops on large mesh networks
  • Some APs may stop reporting client traffic
  • Throttling does not work on non-bridged SSIDs with Application Reporting disabled
  • Captive portal may prevent client connections on busy networks due to not clearing its clients list when Application Reporting is disabled
  • Setting throttle to 100mbit/sec resulted in 10mbit/sec throttle
  • Auto channel mode may fail due to incorrect channel values reported by AP

Known Issues:

  • CloudTrax may incorrectly report some clients as having a 169.x.x.x IP address
  • Enabling Band Steering may result in high processor load and/or client connection issues
  • Unblocked clients that were previously blocked via Manage Clients may remain blocked until reboot
  • Hostname reported via syslog might report as "lede", instead of actual hostname
  • The IP address of wired clients is not reported when Application Reporting is turned off
  • 5Ghz Meshing always uses 80Mhz channel width, regardless of CloudTrax channel settings
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off in CloudTrax
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1

Release 2018-01-08

Version 6.4.5

Bug Fixes:

  • Using the SSID Band setting "Both - Unique SSIDs", results in the first character of each SSID name being truncated
  • AP may report N/A N/A for channels, despite broadcasting correctly

Known Issues:

  • Some clients may report being connected to the wrong band(e.g. 2.4Ghz instead of 5Ghz)
  • Disabling Application Reporting breaks throttling on non-bridged SSIDs
  • "2.4Ghz only" and "5Ghz only" band setting may not be honored if another SSID is set to use the "Both - Combined SSID". The AP may continue to broadcast both bands
  • Some wireless repeaters may report 0 hops on large mesh networks
  • Some APs may stop reporting client traffic
  • Setting throttle to 100mbit/sec results in 10mbit/sec throttle
  • Auto channel mode may fail due to incorrect channel values reported by AP
  • The IP address of wired clients is not reported when Application Reporting is turned off
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1

Release 2017-12-27

Version 6.4.4

New Features:

  • Unused splash page images are now deleted automatically from the access point when SSID settings are saved.
  • Bridge Loop Avoidance is now more aggressive to avoid looping scenarios on complex networks.
  • If AP Mesh is disabled, access point will reconfigure channel changes immediately.

Bug Fixes:

  • Facebook WiFi would not pop-up automatically or would be displayed incorrectly on iOS and macOS devices.
  • Clients w/ hostnames may cause malformed JSON, resulting in striped pattern on the outage graph due to check-in failure.
  • External splash pages that worked in 6.3 firmware fail to work on 6.4 firmware due to internal CONN_ERR.
  • SSIDs may fail to broadcast with WiFi Scheduling enabled.
  • Disabled LED lights may turn back on after firmware upgrade.

Known Issues:

  • "2.4Ghz only" and "5Ghz only" band setting may not be honored if another SSID is set to use "Both - Combined SSID". The AP may continue to broadcast both bands.
  • Using the SSID Band setting "Both - Unique SSIDs", results in the first character of each SSID name being truncated.
  • Traffic for wired clients not reported when Application Reporting is turned off.
  • IP address for wired clients not reported.
  • AP may report N/A N/A for channels, despite broadcasting correctly.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1.

Release 2017-12-04

Version 6.4.3

New Features:

  • Client IP addresses reported to CloudTrax.
  • Prefer 5Ghz 802.11ac meshing, if available.
  • Firmware upgrade delay reduced and firmware can upgrade when in orphan mode, allowing for faster firmware updates.
  • BATMAN Mesh Protocol reverted to BATMAN IV, due to instability seen with BATMAN V.
  • Bridge multiple SSIDs to LAN. (GUI Coming Soon...)

Fixes:

  • Bandwidth throttling was not always being applied to some clients, when the SSID was bridged to a VLAN or after a WiFi Scheduling event.
  • Upload/Download usage reporting could get reversed.
  • Mesh interface could get set to managed mode, leaving repeaters orphaned.
  • When Status LEDs were turned off, the LEDs would remain off even during reconfiguration or an error events.
  • LED may get stuck showing white color.
  • Channel scan could send incorrect channel values causing Auto channel mode to fail.

Known Issues:

  • "2.4Ghz only" and "5Ghz only" band setting may not be honored if another SSID is set to use "Both - Combined SSID". The AP may continue to broadcast both bands.
  • Disabled LEDs could turn themselves back on after upgrade.
  • Traffic for wired clients not reported when Application Reporting is turned off.
  • IP address for wired clients not reported.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1.
  • AP may report N/A N/A for channels, despite broadcasting correctly.
  • Clients w/ hostnames may cause malformed JSON, resulting in striped pattern on the outage graph due to check-in failure.
  • External splash pages that worked in 6.3 firmware fail to work on 6.4 firmware due to internal CONN_ERR.

Release 2017-10-20

Version 6.4.2

Bug Fixes:

  • WPA2 "Key Reinstallation Attack (KRACK)" exploit (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
  • Dnsmasq remote code execution vulnerability identified by Google (CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2017-14491)
  • When using RADIUS for external splash page, you'll no longer see an "[acct_unique] WARNING: Attribute User-Name was not found in request, unique ID MAY be inconsistent" error in your server logs
  • APs will no longer show “striping” due to an issue causing missed check-ins
Known Issues:
  • "2.4Ghz only" and "5Ghz only" band setting may not be honored if another SSID is set to use "Both - Combined SSID". The AP may continue to broadcast both bands.
  • Repeaters will take longer than normal to finish upgrading?.
  • Disabled LEDs could turn themselves back on after upgrade.
  • AP Mesh on 802.11ac devices is currently limited to 5GHz only.
  • Traffic for wired clients not reported when Application Reporting is turned off.
  • Layer 7 upload/download traffic could be reversed.
  • Bandwidth throttling might not always work.
  • Upload throttling won't work if SSID is bridged to VLAN.
  • A-series LED could be stuck at "white" even after configuration.
  • External splash pages that worked in 6.3 firmware fail to work on 6.4 firmware due to internal CONN_ERR.

Note: Once your network has upgraded to 6.4.2, if you intend to add any additional repeaters with 6.3 or earlier installed, they'll need to be hard-wired first (to get the update) as they can't mesh with an AP on 6.4

Release 2017-10-12

Version 6.4.1

New Features:
  • AP Mesh over 5GHz now supported on 802.11ac devices (A-series, MR1750, OM5P-AC)
  • Airtime Fairness on 2.4GHz, to improve download throughput and provide equal access to clients
  • Throughput-based Mesh routing provided by B.A.T.M.A.N version 5
  • Linux OS change from OpenWrt to LEDE Project (lede-project.org), containing many performance and security improvements

Bug Fixes:

  • FIX: Neighbor RSSI now properly shows within CloudTrax
  • FIX: Increased upgrade partition size to accommodate later 6.4 firmware releases.

Known Issues:

  • "2.4Ghz only" and "5Ghz only" band setting may not be honored if another SSID is set to use "Both - Combined SSID". The AP may continue to broadcast both bands.
  • External splash pages that worked in 6.3 firmware fail to work on 6.4 firmware due to internal CONN_ERR.

Previous Stable Release

Release 2017-10-17

Version 6.3.16

  • FIX: WPA2 "Key Reinstallation Attack (KRACK)" exploit (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
  • FIX: Dnsmasq remote code execution vulnerability identified by Google (CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2017-14491)

Known issues:

  • The Neighbor list might not always be populated, we're aware and working on a fix.
  • Known issue: Upload not throttled when SSID bridged to VLAN.

NOTE: Due to higher memory requirements, this version does not support OM1P, MR500 and OM2Pv1 devices. The OM1P/MR500 are legacy devices and limited to 481 firmware on "legacy" networks only, the OM2P is supported only to 6.1.2, and the OM2P (32 MB) is supported only up to 590 firmware.

More info about supported devices is found here: Legacy Open Mesh: End of Life Policy and Product Matrix

Previous 6.3 Releases

Release 2017-09-25

Version 6.3.15

Changes below since 6.2.12:

New Features:

  • IGMP Proxy support (see Configure -> Advanced)
  • Configuration changes to one SSID won't disrupt other SSIDs
  • External splash page now sends CIP parameter (for client IP) in addition to client_mac
  • Client sessions are now reported back to CloudTrax in the event an AP's local session cache is purged for any reason; this will ensure that the built-in splash-page won't unexpectedly appear prior to the client force timeout or session timeout being reached.

Bug Fixes:

  • Band Steering no longer consumes high amount of CPU preventing clients from joining SSID
  • Bridged clients won't get non-bridged DHCP on initial AP boot
  • Uploaded images to splash page can now support 250 character filenames
  • Improves reliability of automatic self-heal mode changes from Gateway -> Repeater
  • Resolves a situation where disabling DNS Intercept could prevent DNS from working
  • Internet Check better handles when wired clients are connected
  • Certain model POE switches no longer experience gateways switching to repeater
  • Performance of an encrypted SSID would degrade if 802.11r was enabled
  • Redirection from a URL with “res” parameter (to external splash page) no longer causes loop
  • Addresses an edge-case where clients could potentially bypass a splash page (including blocked clients)
  • Logout of a voucher (which isn’t supported) no longer redirects you to www.open-mesh.com
  • FIX: Resolves SSH segmentation fault with Dropbear
  • FIX: Significant improvements to the configuration/reconfiguration of bridged SSIDs (including VLANs)
  • WMM Power Save now works for 802.11n devices in addition to 802.11ac (which was already supported)
  • Change to radio channel is now logged on the AP; log buffer size increased to 128KB
  • Out-of-box 2.4GHz channel, prior to configuration, is now CloudTrax default of 6 instead of 5

Known issues:

  • The Neighbor list might not always be populated, we are aware and working on a fix.
  • Upload not throttled when SSID bridged to VLAN.
  • Download may not get throttled after WiFi Scheduling re-enables SSID.

Release 2017-07-11

Version 6.3.14

Bug Fixes:

  • Images for built-in splash pages are now displaying properly
  • When Internet Check is disabled and AP loses internet (but not DHCP) the SSIDs stay up
  • VLAN changes to an SSID now save without need for reboot
  • Repeaters with bridged SSIDs and no splash page now get LAN IPs as expected
  • Various additional improvements and enhancements

Known issues:

  • Upload not throttled when SSID bridged to VLAN.
  • Download may not get throttled after WiFi Scheduling re-enables SSID.

Release 2017-06-29

Version 6.3.13

New Features:

  • IGMP Proxy support (see Configure -> Advanced)

Bug Fixes:

  • WiFi scheduling works again
  • Client isolation wasn’t always isolating
  • Bandwidth throttling in many cases wasn’t working
  • Improved stability for SSIDs using Band Steering
  • Certain model POE switches no longer experience gateways switching to repeater
  • SSIDs configured for 2.4/5GHz-only broadcast correctly utilize Roaming VLANs
  • 5GHz radio no longer fails to broadcast if using channel 165 prior to next upgrade
  • Performance of an encrypted SSID would degrade if 802.11r was enabled
  • Redirection from a URL with “res” parameter (to external splash page) no longer causes loop
  • Addresses an edge-case where clients could potentially bypass a splash page (including blocked clients)
  • Logout of a voucher (which isn’t supported) no longer redirects you to www.open-mesh.com
  • Resolves SSH segmentation fault with Dropbear

Known Issues:

  • Upload not throttled when SSID bridged to VLAN.
  • Download may not be throttled after WiFi Scheduling re-enables SSID.

Release 2017-05-01

Version 6.3.12

New Features:

  • Client sessions are now reported back to CloudTrax in the event an AP's local session cache is purged for any reason; this will ensure that the built-in splash page won't unexpectedly appear prior to the client force timeout or session timeout being reached.

Known Issues:

  • Upload not throttled when SSID bridged to VLAN.
  • Download may not be throttled after WiFi Scheduling re-enables SSID.

6.3.11 (2017-4-20)

Version 6.3.11

Bug Fixes:

  • Significant improvements to the configuration/reconfiguration of bridged SSIDs (including VLANs)
  • Bridged SSIDs no longer reverse their reported upload/download traffic in CloudTrax
  • Prevent SSIDs from accidentally being bridged to the LAN when in NAT mode
  • Repeaters with bridged SSIDs could prevent DHCP assignment to clients
  • Addresses a rare condition where repeaters could go offline or into lonely/orphan mode unnecessarily
  • WMM Power Save now works for 802.11n devices in addition to 802.11ac (which was already supported)
  • Change to radio channel is now logged on the AP; log buffer size increased to 128KB
  • “Use AP Name” being turned on now correctly changes the 2.4GHz SSID name without a reboot
  • Bandwidth throttling on bridged SSIDs works if you have Application DPI disabled
  • Client blocking now properly behaves on networks without a splash page enabled

Known Issues:

  • Upload not throttled when SSID bridged to VLAN.
  • Download may not be throttled after WiFi Scheduling re-enables SSID.

Release 2017-03-08

Version 6.3.10

New Features:

  • Support for new HW (OM2Pv4, OM2P-HSv4, A-series)
  • Configuration changes to one SSID won't disrupt other SSIDs
  • External splash page now sends CIP parameter (for client IP) in addition to client_mac

Bug Fixes:

  • Out-of-box 2.4GHz channel, prior to configuration, is now CloudTrax default of 6 instead of 5
  • Security updates for CVE-2013-4421, CVE-2013-4434, CVE-2016-3116, CVE-2016-7406, CVE-2016-7408, CVE-2016-7409, CVE-2016-7407
  • Includes all other changes included in 6.2.10 and earlier

Known Issues

  • Upload not throttled when SSID bridged to VLAN.
  • Download may not be throttled after WiFi Scheduling re-enables SSID.

For older releases, please see Legacy Firmware Release Notes.