Legacy Open Mesh: Legacy Access Point firmware release notes

Topic

This article lists pre-6.2.x firmware releases for Open Mesh Access Points.

Environment

• Open Mesh Access Points

Description

Index

• 2017
• 2016
• 2015
• 2014

Previous 6.2 Stable Releases

Release 2017-04-10

Version 6.2.12

• FIX: No internet access on a Gateway AP that's been physically switched to a Repeater AP
• KNOWN ISSUE: Disabling Roaming VLANs results in captive portal being disabled. Allowing users to bypass splash page.

Release 2017-03-21

Version 6.2.11

• FIX: Repeaters with bridged SSIDs could prevent DHCP assignment to clients
• FIX: Client blocking now properly works on networks without a splash page enabled
• FIX: Addresses a rare condition where repeaters could go offline or into lonely/orphan mode unnecessarily
• FIX: Security updates for CVE-2013-4421, CVE-2013-4434, CVE-2016-3116, CVE-2016-7406, CVE-2016-7408, CVE-2016-7409, CVE-2016-7407
• KNOWN ISSUE: Disabling Roaming VLANs results in captive portal being disabled. Allowing users to bypass splash page.

Release 2017-03-08

Version 6.2.10

• NEW: Ability to disable Application Reporting (Layer 7 Deep Packet Inspection) for higher throughput on AC-capable devices, especially on bridged SSIDs. Found under Configure -> Advanced
• NEW: Ability to control per-SSID band, i.e. dual-band, 2.4GHz only, 5GHz only
• NEW: 802.11r support for clients that support this faster roaming authentication standard
• NEW: Automatic disabling of DNS intercept (local DNS relay) for all SSIDs which don't have an Alt DNS defined and aren't using client blocking or splash pages
• NEW: Ability to disable "failsafe" protection for when internal/external splash page authentication servers can't be reached
• NEW: Support for future "instant commands" (ping, trace route, etc) that will be included in an upcoming CloudTrax update
• NEW: When a RADIUS authentication server replies with zero values for download/upload throttle or session timeout, we'll now default to what's configured in the CloudTrax network
• FIX: Significant improvements to Band-Steering performance and reliability
• FIX: Several WiFi driver-related issues on 802.11ac devices
• FIX: Corrects a condition where walled garden entries fail to update properly when Alt DNS is specified
• FIX: Bridged SSIDs configured with a VLAN tag will now reliably resolve DNS
• FIX: Prevents a situation where unauthenticated clients could potentially bypass the splash-page
• FIX: Amazon Instant Video (on mobile app) is no longer improperly identified as "Misc Video"
• FIX: Resolves ping packet loss when connected to certain 802.3af POE switches (OM5P-AC only)
• FIX: Addresses a condition where DNS resolution temporarily stops working during AP reconfiguration
• FIX: Cache cleanup of non-voucher sessions has increased from 12 hours to 72 hours, preventing clients from inadvertently being sent to the splash page before their session timeout
• FIX: Prevents a condition where a previously-working repeater could become orphaned when using per-AP channel overrides or auto-channel
• KNOWN ISSUE: Disabling Roaming VLANs results in captive portal being disabled. Allowing users to bypass splash page.

Previous 6.2 Releases

Release 2017-02-27

Version 6.2 beta 5 (6.2.10)

• FIX: Decrease of CPU usage when Band Steering is enabled
• FIX: Cache cleanup of non-voucher sessions has increased from 12 hours to 72 hours, preventing clients from inadvertently being sent to the splash page before their session timeout
• FIX: Prevents a condition where a previously-working repeater could become orphaned when using per-AP channel overrides or auto-channel
• FIX: When a RADIUS authentication server replies with zero values for download/upload throttle or session timeout, we'll now default to what's configured in the CloudTrax network
• FIX: Additional optimizations and improvements to stability and performance
• KNOWN ISSUE: Disabling Roaming VLANs results in captive portal being disabled. Allowing users to bypass splash page.

Release 2017-01-26

Version 6.2 beta 4 (6.2.7)

• FIX: Client usage on bridged SSIDs would no longer be reported if Layer 7 DPI (Application Reporting) was also disabled on the network
• FIX: Prevents a rare condition where APs might not re-pair or check-in after upgrading from earlier versions, or after configuration changes to SSIDs
• KNOWN ISSUE: Disabling Roaming VLANs results in captive portal being disabled. Allowing users to bypass splash page.

Release 2017-01-17

Version 6.2 beta 3 (6.2.5)

• FIX: Significant band-steering stability and reliability improvements
• FIX: Bandwidth throttling now functional when Layer 7 DPI (Application Reporting) is disabled
• FIX: Fixes several WiFi driver-related issues on 802.11ac devices (MR1750/OM5P-AC)
• FIX: Addresses a condition where DNS resolution temporarily stops working during AP reconfiguration
• FIX: Continued improvements and optimizations to ensure greater uptime and overall performance
• KNOWN ISSUE: Disabling Roaming VLANs results in captive portal being disabled. Allowing users to bypass splash page.

2016

Release 2016-12-19

Version 6.2 beta 2 (6.2.1)

• FIX: Bridged SSIDs now properly "fast roam" when 802.11r is enabled
• FIX: Corrects a condition where walled garden entries fail to update properly when Alt DNS is specified
• FIX: Bridged SSIDs configured with a VLAN tag will now reliably resolve DNS
• FIX: Prevents a situation where unauthenticated clients could potentially bypass the splash-page
• FIX: Amazon Instant Video (on mobile app) is no longer improperly identified as "Misc Video"
• FIX: Resolves ping packet loss when connected to certain 802.3af POE switches (OM5P-AC only)
• FIX: Several other underlying optimizations and improvements
• KNOWN ISSUE: Disabling Roaming VLANs results in captive portal being disabled. Allowing users to bypass splash page.

Release 2016-09-16

Version 6.2 beta 2 (6.2.0)

• NEW: Ability to disable Layer 7 Deep Packet Inspection (DPI) for higher throughput on AC-capable devices, especially on bridged SSIDs. Found under Configure -> Advanced
• NEW: Ability to control per-SSID band, i.e. dual-band, 2.4GHz only, 5GHz only
• NEW: 802.11r support for clients that support this faster roaming authentication standard
• NEW: Ability to disable "failsafe" protection for when internal/external splash page authentication servers can't be reached
• NEW: Automatic disabling of DNS intercept (local DNS relay) for all SSIDs that don't have an Alt DNS defined. Requires the Splash Page be turned off. In order for this to be disabled, you'll need to contact Support. Note: This will disable all Client Blocking for the SSID
• NEW: Support for future "instant commands" (ping, trace route, etc) that will be included in an upcoming CloudTrax update
• NEW: Support for future throughput-based mesh routing provided with B.A.T.M.A.N. version 5
• FIX: Numerous additional performance improvements, bug fixes and optimizations
• KNOWN ISSUE: Disabling Roaming VLANs results in captive portal being disabled.

Release 2017- 2017-10-18

Version 6.1.4

Last stable 6.1 firmware release

• FIX: WPA2 "Key Reinstallation Attack (KRACK)" exploit (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
• FIX: Dnsmasq remote code execution vulnerability identified by Google (CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2017-14491)
• KNOWN ISSUE: Disabling Roaming VLANs results in captive portal being disabled. Allowing users to bypass splash page.

Previous 6.1 Stable Releases

Release 2016-11-30

Version 6.1.2 (6.2.1)

• FIX: Corrects a condition where walled garden entries fail to update properly when Alt DNS is specified
• FIX: Bridged SSIDs configured with a VLAN tag will now reliably resolve DNS
• FIX: Prevents a situation where unauthenticated clients could potentially bypass the splash-page
• FIX: Amazon Instant Video (on mobile app) is no longer improperly identified as "Misc Video"
• FIX: Resolves ping packet loss when connected to certain 802.3af POE switches (OM5P-AC only)
• FIX: Several other underlying optimizations and improvements
• KNOWN ISSUE: Disabling Roaming VLANs results in captive portal being disabled. Allowing users to bypass splash page.

Release 2016-07-19

Version 6.1.1

• NEW: Presence Analytics now offers a "last_seen_signal" value
• FIX: Improved reliability of Ethernet connectivity on the MR-series and OM5P-AC
• FIX: Prevents DHCP packets from being improperly forwarded over LAN on the MR-series
• FIX: Daisy-chained APs show more accurate mesh speeds over their Ethernet link
• FIX: Removes unnecessary host routes on SSIDs that are configured for bridging/VLANs
• FIX: We no longer enable Roaming VLANs on SSIDs that are bridged with a VLAN tag
• FIX: Resolves an issue where the OM5P-AC's 5GHz radio could stop broadcasting
• FIX: Corrects a situation where the OM5P-AC doesn't show TX rate for a 2.4GHz client
• FIX: Temperature monitor properly disables 5GHz radio when excessive heat is reached (OM5P-AC and OM5P-AN only)
• FIX: Many other improvements to overall network configuration and stability, WiFi scheduling, auto-channel, site survey, health-care, and check-in
• KNOWN ISSUE: Disabling Roaming VLANs results in captive portal being disabled. Allowing users to bypass splash page.

Release 2016-04-08

Version 6.1.0

• NEW: Limited Preview: Presence Analytics API
• NEW: Support for automatic over-the-air downgrades between future stable firmware releases (for example: 6.2 -> 6.1)
• NEW: Compliance for latest FCC hardware certification guidelines on future devices
• NEW: Added compatibility and support for future hardware and associated requirements
• FIX: Various underlying optimizations and improvements
• KNOWN ISSUE: Disabling Roaming VLANs results in captive portal being disabled. Allowing users to bypass splash page.

Firmware 6.0

Previous 6.0 Beta Releases

Release 2016-02-16

Version 6.0 beta 7

• NEW: Healthcare now auto-reboots repeaters when we're unable to find a default route after 3 successive attempts in a row
• FIX: Corrects a condition where clients connected to an 'open' SSID were being repeatedly disconnected/reconnected and unable to join, and/or repeatedly asked for a password if not an 'open' SSID
• FIX: Corrects an issue where in certain cases DHCP packets of non-bridged clients could bypass our built-in DHCP server
• FIX: Captive portal wasn't restricting access to just those clients defined under the Access Control List as expected
• FIX: DHCP watch process wasn't terminated properly when changing an AP from daisy-chained state to repeater or gateway position
• FIX: Addresses possible IP range collision when using more than 3 SSIDs
• FIX: Prevents the potential hang of an AP on reboot command
• FIX: Additional WiFi driver optimizations
• FIX: Improvements to roaming on non-bridged SSIDs
• KNOWN ISSUE: Disabling Roaming VLANs results in captive portal being disabled. Allowing users to bypass splash page.

2015

Release 2015-12-14

Version 6.0 beta 5

• NEW: WiFi driver improvements for APs that support VHT80 (MR1750 only)
• FIX: General improvements to over-the-air upgrade process
• FIX: Avoid a condition where the flash memory is filled with temp files
• FIX: Repeaters would cease to check-in but remain online and functional
• FIX: When Alt DNS was configured per-SSID, DNS wouldn't route properly
• FIX: BLA (Bridge Loop Avoidance) is only enabled before bridging of an interface with the LAN, not after, and properly de-activated when un-bridged
• FIX: The broadcast suppression window has been increased for BLA
• FIX: Don't turn off the LAN bridge if a non-enabled SSID is specified for bridging
• FIX: Don't allow VLAN ID configurations outside of the 2-4094 range
• FIX: Clean-up of various system log error messages and debug output
• FIX: Improvements to Auto-channel and Radio modes, ensuring AP models which aren't compatible with VHT20 aren't incorrectly configured with this invalid setting, causing WiFi to not initiate properly
• KNOWN ISSUE: Disabling Roaming VLANs results in captive portal being disabled. Allowing users to bypass splash page.

Release 2015-11-02

Version 6.0 beta 3

• NEW: Upgrade to a newer OpenWRT platform
• NEW: Support for wildcard domains in the walled garden
• NEW: Support for future over-the-air firmware downgrades
• NEW: Configuration of WiFi is now handled by Netconfigd
• NEW: Route to Alt DNS added if the SSID is bridged
• NEW: Disabling of HTTPAuth & RADIUS accounting messages (UI not available yet)
• NEW: Ability to set password for RADIUS Pre-Authentication messages (UI not available yet)
• NEW: Layer 7 filters for Ad Servers, Steam, and iCloud
• FIX: Numerous additional bug fixes and improvements
• KNOWN ISSUE: Disabling Roaming VLANs results in captive portal being disabled. Allowing users to bypass splash page.

Firmware 5xx

Release 2016-06-14

Version 590

Last stable 5xx firmware release

• NEW: Includes support for revised hardware: OM2P-HSv3
  NEW: Healthcare now auto-reboots repeaters when we're unable to find a default route after 3 successive attempts in a row
• FIX: Corrects a condition where clients connected to an 'open' SSID were being repeatedly disconnected/reconnected and unable to join, and/or repeatedly asked for a password if not an 'open' SSID
• FIX: Ensures that RADIUS client for externally hosted Captive Portals is RFC (2866) compliant for NAS-port and Service-type attribute values.
• FIX: Corrects an issue where in certain cases DHCP packets of non-bridged clients could bypass our built-in DHCP server
• FIX: DHCP watch process wasn't terminated properly when changing an AP from daisy-chained state to repeater or gateway position
• FIX: Don't turn off the LAN bridge if a non-enabled SSID is specified for bridging
• FIX: Addresses possible IP range collision when using more than 3 SSIDs
• FIX: Improvements to mesh throughput reporting

NOTE: Due to higher memory requirements, this version does not support OM1P and MR500 devices, or networks running CoovaChilli. 5xx firmware, combined with the latest CloudTrax 4, includes a new CoovaChilli replacement. This is the last stable firmware release which supports first-gen 32mb OM2P devices.

Release 2015-12-14

version 588

• FIX: BLA (Bridge Loop Avoidance) is only enabled before bridging of an interface with the LAN, not after, and properly de-activated when un-bridged.
• FIX: The broadcast suppression window has been increased for BLA.
• FIX: Improvements to Auto-channel and Radio modes, ensuring AP models which aren't compatible with VHT20 aren't incorrectly configured with this invalid setting, causing WiFi to not initiate properly.
• FIX: Corrects several issues affecting reliability when installing over-the-air upgrades to beta 6.0 firmware (and adds support for future 6.x firmware).

Release 2015-11-10

version 587

• NEW: Support for OTA updates to 6.x beta firmware
• FIX: Corrects an issue affecting reliability when disabling internet check
• FIX: Corrects memory leaks affecting the mesh protocol
• FIX: SSID2 will now properly throttle upstream if SSID1 has throttling off
• FIX: We now send accounting stop when RADIUS client timeout is reached
• FIX: Repeaters would cease to check-in but remain online and functional

Release 2015-10-05

version 586

• NEW: Preliminary support for band-steering (coming soon)
• FIX: Numerous bug fixes and stability enhancements
• FIX: Improvements to our bridge loop avoidance system
• FIX: Turn off WiFi LED when default route is lost
• FIX: Better handling of unsupported RADIUS server attributes

Release 2015-08-11

version 585

• FIX: Numerous bug fixes and memory optimizations
• FIX: Properly re-bridge wired client port when switching to GW mode
• FIX: Ensure when AP Isolation is enabled that clients connected to a repeater cannot ping other clients on the network
• FIX: RADIUS attribute list is no longer dropped when last attribute is from unknown vendor
• NEW: Ensure LED stays red when internet test has failed
• NEW: Added Layer 7 support for HBO Now, and changes to mediafire, thepiratebay, gamefront, ultrashare, teamspeak, ventrilo, iBackup and about.com filters. Removed zshare.net, FilesTube, rapidshare, and kazaa.

Release 2015-07-31

version 584

• FIX: Ensure customer-configured VLAN interfaces are properly initiated
• FIX: Improved Mesh throughput test performance reliability
• FIX: Numerous bug fixes and memory optimizations
• NEW: Layer 7 filters for Amazon video, Yahoo! video, Hulu, Xfinity, ShowTime, and HBO Go. Added improvements for detecting speedtest.net, Netflix, Spotify and Google services.

Release 2015-07-06

version 583

583(July 6, 2015)

• NEW: allow each SSID to have its own alternate DNS setting (requires CT4)
• NEW: netconfigd replaces netifd as central network configuration daemon
• FIX: Enable support for first-gen (32mb) OM2Ps by reducing required memory
• FIX: Fixes issue where wired clients wouldn't always get an IP address
• Numerous additional bug fixes and performance improvements

Release 2015-05-15

version 577

• FIX: Numerous bug fixes and performance improvements

Release 2015-03-05

version 573

• NEW: Reports clients on SSID #2
• NEW: Reports wired clients
• NEW: Device fingerprinting shows the operating system of each client device
• NEW: Layer 7 deep packet inspection to view application usage on the network as a whole
• NEW: Facebook WiFi integration
• NEW: Faster repeater discovery. Access points can find each other more quickly over mesh due to improved scanning
• NEW: Multi-band mesh encryption support
• NEW: Better speed test. Greatly improved repeater-to-gateway speed test is much faster and can handle higher speeds
• NEW: Improved captive portal. Now runs on all access points (APs), not just gateways to avoid gateway congestion
• NEW: Improved AP isolation. Now works on multi-cast traffic, broadcast traffic and wired clients
• NEW: Support for new Open-Mesh access point models
• NEW: Checkin via CloudTrax API
• NEW: DNS changes: to facilitate blocking on bridged SSIDs, 5xx will intercept all DNS queries and resolve them against either the DNS it gets from DHCP or the Alternate DNS in Cloudtrax. If you're using CloudTrax 4, you can add the local DNS server to the SSID that you want it to use.
• FIX: New WiFi driver to reduce reported client disconnects
• FIX: Numerous bug fixes and performance improvements

2014

Firmware 4xx (Legacy)

Last 4xx Stable Release

481 (June 12, 2014)

• NEW: OM2P-HSv2 platform support
• FIX: [OM2P] send ibss probe responses with noack flag to reduce number of sent probe responses
• FIX: [OM2P] process management frames only once per BSS to reduce number of sent probe responses
• FIX: [OM2P] don't drop connections of roaming clients when bridge_mode is disabled
• FIX: [OM1P] disable mesh encryption due to failures in the encryption over time

Note: This is the last firmware version that supports OM1P and MR500 devices. 481 introduces support for the OM2P-HSv2 and significantly improves roaming between gateways. The 400 series firmware introduced a number of new features from 300, including bridge mode, voucher support, blocked user message, client tracking, walled garden, rogue AP scanning, mesh encryption, device chaining mode and vlan tagging.

Previous 4xx Releases

479(January 14, 2014)

• FIX: fallback inet_test uses checkin URL to avoid endless SSL redirect
• FIX: [ng2ng] don't enable ng2ng mesh bridge while running in orphan mode
• FIX: [nds] deactivate oversized thread stack cache
• FIX: [nds] check if kernel module was loaded already to avoid insmod failure
• FIX: [nds] work around the leaking thread stack
• FIX: [coova-chilli] fix DNS regression for chilli and orphan mode
• FIX: [OM2P] fix decrypt_error initialization to avoid decryption problem
• FIX: [OM2P] avoid mangling powersave keys when the chip key cache is filled
• FIX: [OM2P] allow multicast frames on eth1 (dropped by ethernet switch)
• FIX: [OM2P] set fallback to /tmp/resolv.conf for inet_test DNS check in repeater mode

476

• NEW: update fallback dashboard IP to point to server in Oregon
• NEW: send hostname with syslog messages
• NEW: reboot after 6 checkins in orphan mode if no upgrade or mesh key is available
• NEW: [OM2P] print extensive logs when/how a device was rebooted
• NEW: [OM2P] drop unsolicited DHCP broadcast packets instead of forwarding them
• FIX: fix wireless WPA key cache corruption leading to WiFi disconnects
• FIX: ignore case of captive portal variable sent from the dashboard (prevents health care reboot of ticket #618)
• FIX: backport port asprintf memory leak
• FIX: [nds] remove threading for HTTP access to minimize risk for race conditions
• FIX: [nds] deactivate over-sized thread stack cache
• FIX: [nds] check if kernel module was loaded already to avoid insmod failure
• FIX: [nds] work around of the leaking stack of thread
• FIX: [coova-chilli] properly configure LAN block if enabled (closes ticket #593)
• FIX: [OM2P] fix invalid memory access in crashlog potentially leading to a crash
• FIX: [OM2P] stop bridge-in-batman DHCP packet mangling when bridge_netfilter is enabled (ng463 regression)
• FIX: [OM2P] increase beacon interval to 300ms to reduce channel pollution

466

• NEW: [nds] allow walled garden refresh without nds restart
• FIX: avoid running multiple dhcp clients on repeaters
• FIX: remove interface event handler delay to avoid losing events on the LAN
• FIX: launch dhcp watch also when connected to a possible lan
• FIX: avoid lockup by releasing gw lock before exiting in case of memory shortage
• FIX: set dhcp start IP option to not waste 99 IPs from the IP pool
• FIX: [nds] sanatize voucher input
• FIX: [health care] detect if cable is plugged but ignored by the system (closes ticket #485)
• FIX: re-order health care rule processing to run dashboard rules first (closes ticket #499)
• FIX: [OM2P] workaround roaming breakage with bridge mode enabled
• FIX: [OM2P] fix sending DHCP INFORM packets to wrong subnets (e.g. LAN)

459

• FIX: properly handle IP range calculation on gateways with high node ids

458

• FIX: disable bridge loop avoidance completely when bridge mode is disabled (closes ticket #441)
• FIX: uci creash triggered by too long string
• FIX: [OM2P] WiFi stability fixes (closes ticket #439)
• FIX: [wgarden] do not activate wgarden ip verification when coova-chilli is running

456

• NEW: [nds] redirect including node & client mac
• NEW: [checkin] after 12 subsequent alt dashboard timeouts contact dfl dashboard
• NEW: [checkin] alternate dashboard checkin timeout flag
• NEW: [walled garden] periodic DNS update
• FIX: [walled garden] separate /etc/hosts entry from walled garden entries
• FIX: remove accidental restriction of local LAN interface access (closes ticket #229 and #262)