EdgeRouter software release v1.9.1


More details can be found in the release notes below. I would like to thank everyone for their participation in the community, as always helping with testing, reporting issues, providing feedback, suggestions! We certainly could not have done it without you Thank you very much!
[Release Notes v1.9.1]
Changes since v1.9.0
New features

  • [FW Update] Add automated firmware update check. This is just a first step in providing automated firmware updates and current functionality only checks for update but does not download actual firmware. Complete automatic firmware update funtionality will be provided in future release.

Enhancements and bug fixes

[Web UI] Fix bug when app categories were not showing up in basic queue in safari. Discussed here

  • [Web UI] Fix EdgeOS compromise due to XSS in encoder error handling
  • [Web UI] Fix IP address validation bug in “Load Balancing2” wizard

[Web UI] Fix broken dashboard in Firefox. Discussed here

[Web UI] Fix bug when “Basic Setup” wizard with dhcp & vlan generates wrong NAT config. Discussed here

  • [BGP] Fix bug when “ribd” was constantly consuming 10% CPU with full BGP routing table. Discussed here

[Routing] Fix random “nsm” daemon crash when multiple interfaces flap simultaneously. Discussed here

[Routing] Fix incomplete default gateway when pppoe link fails. Discussed here

[Routing] Fix bug when “ribd” was sometimes stuck consuming 100% CPU after link to default gateway failed. Discussed here

  • [Routing] Fix bug when “set ip-next-hop x.y.z.w” route-map CLI command had no effect
  • [Routing] Fix bug when “show ip route” CLI command was showing “Network not in table” error instead of default gateway

[Routing] Fix bug when custom routing tables sometimes were not populated after boot. Discussed here

  • [Routing] Improve memory management in routing daemons (i.e. bgpd, nsm, ribd…).
  • [RIP] Fix wrong RIP distance. Discussed here
  • [VPLS] Show VPLS instance expiration time via “show vpls xxx mac-address” CLI command

[VPLS] Fix kernel crash when VPLS interface loses link. Discussed here

  • [Interfaces] Add VLAN to pseudo-ethernet interface configuration
  • [Interfaces] Allow switch0 to be added to br0 on ER-X
  • [Interfaces] Add “proxy_arp_pvlan” option to VLAN interfaces
  • [Interfaces] Add ipip6 encapsulation to ipv6-tunnel interface
  • [Interfaces] Setup default multicast routes over GRE ipv6 PtP links
  • [Interfaces] The auto-negotiation of SFP port on ER-X-SFP and EP-R6 is changed to enabled by default. Discussed here
  • [CLI] Add warning message when saving config to non-default location
  • [CLI] Change commit-confirm message
  • [DHCP] Fix remote command injection through DHCP request

[DHCP] Fix high CPU load when diffing DHCP lease files. Discussed here

  • [DHCP] Fix garbage output when running “show dhcpv6-pd duid” CLI command on ER-X
  • [DHCP] Fix error when DHCP static lease with dot in name (i.e. “lch.cern”) was not written to /etc/hosts and thus could not be resolved by dnsmasq. Discussed here
  • [Firewall] Add vtun6 interface type to mss-clamp6 firewall option
  • [Firewall] Fix bug when “show firewall statistics” CLI command ignored ipv6-tunnel interface

[Kernel] Add fix for CVE-2016-5696. Discussed here

  • [Kernel] Enable “netconsole” on ER-X

[NTP] Remove deprecated “dynamic” NTP option. Discussed here

[IPsec] Fix IPSec over IPv6 conditional expression bug. Discussed here

  • [L2TP] Fix bug when L2TP config was not cleared from ipsec config files after deletion
  • [IPsec] Fix bug when VPN configuration disappears after reboot if ‘dhcp-interface’ has no address. Discussedhere
  • [UPNP] Fix UPnP2 firewall rules
  • [DNSmasq] Fix bug when dnsmasq config becomes corrupted if DHCP server exports static route. Discussed here
  • [LoadBalancing] Fix bug when L2TP interface lost connectivity in load-balancing scenario because connected routes got deleted from load balancing routing tables. Discussed here

Updated software components

  • [Kernel] - Fix CVE-2016-5195 aka “Dirty COW”. Discussed here
  • [PHP] - Upgraded PHP to 7.0.12. Fix: CVE-2016-7418, CVE-2016-7417, CVE-2016-7416, CVE-2016-7414, CVE-2016-7413, CVE-2016-7412, CVE-2016-7411, CVE-2016-7134, CVE-2016-7133, CVE-2016-7132, CVE-2016-7131, CVE-2016-7130, CVE-2016-7129, CVE-2016-7128, CVE-2016-7127, CVE-2016-7126, CVE-2016-7125, CVE-2016-7124

Known issues

  • [IPSec] IPSec ofload on ER-X/ER-X-SFP/EP-R6 platforms is causing packet corruption of L2TP and IPV6 site-to-site VPN traffic. Discussed here and here. If you are using either L2TP or IPv6 site-to-site VPN then you should disable IPSEc offload:set system offload ipsec disablecommitsavereboot
  • [Interfaces] The auto-negotiation of SFP port on ER-X-SFP and EP-R6 is changed to enabled by default. Discussed here. This change may affect the SFP link. If you need fixed 1000/full on eth5, please configure it via CLI:
    set interfaces ethernet eth5 speed 1000set interfaces ethernet eth5 duplex full固件硬件加速ipsec是否开启的问题?

[Interfaces] Add VLAN to pseudo-ethernet interface configuration


虚拟接口配置vlan ,虚拟接口可用在一线多拨


























官方最新版固件:EdgeRouter X v1.9.7