This is urgent EdgeOS firmware release that contains only security fixes in kernel and IPSec areas. This is almost the same firmware as the v2.0.5 that was published on beta forum 2 weeks ago. The only difference is that in v2.0.6 we additionally upgraded “udapi-bridge” package to latest version v0.7.3 to support new UNMS features.
The ER-X/ER-X-SFP/EP-R6 has more limited storage, and in some cases, an upgrade may fail due to not enough space. If this happens, remove the old backup image first (using “delete system image” CLI command, see here for more details) before doing an upgrade.
More details can be found in the release notes below. Please give it a try if you are interested in the new features/changes to help us test them so that we can get the release out sooner! Thanks very much!
IMPORTANT NOTICE if ER that is used as a gateway in UNMS
Please upgrade UNMS to version v0.14.1/v1.0.0.-beta.5 or higher (UNMS release notes is available here) before upgrading EdgeRouter to v2.0.6, otherwise there is a chance that ER will become unreachable from WAN interface. If this will happen then perform following steps in order to restore connectivity:
Connect to ER from LAN interface via SSH
Commit following command in configuration mode - “delete traffic-control optimized-queue”
Add support for UNMS v1.0
[Kernel] - Fix SACK vulnerabilities in TCP networking stack (CVE-2019-11477, CVE-2019-11478)
[Kernel] - Fix excessive resource consumption flaw in TCP networking stack (CVE-2019-11479)
[IPsec] - Fix potential authorization bypass vulnerabilities in strongSwan (CVE-2018-16151, CVE-2018-16152, CVE-2018-17540)
[Performance] - Throughput degradation by 5-10% when comparing with v1.10.9 firmware with older kernel.
[Offloading] - IPsec and VLAN offloading on ER-X/ER-X-SFP and EP-R6 does not work yet.
[VPN] - L2TP remote access VPN does not work with Android6/7 L2TP clients (but works with Android9 client).
[LoadBalancing] - On ER-X LoadBalancing sometimes fails to recover after switching to failover interface.
[WebGUI] - Sometimes statistics in WebGUI is “freezing” and page refresh is needed in order to wake it up.
[DPI] - Sometimes DPI is reporting wrong rx/tx counters.
EdgeRouter firmware can be installed via CLI, WebGUI or UNMS. Detailed installation instruction is available here.