EdgeRouter software release v1.9.1


#1

More details can be found in the release notes below. I would like to thank everyone for their participation in the community, as always helping with testing, reporting issues, providing feedback, suggestions! We certainly could not have done it without you Thank you very much!
[Release Notes v1.9.1]
Changelog
Changes since v1.9.0
New features

  • [FW Update] Add automated firmware update check. This is just a first step in providing automated firmware updates and current functionality only checks for update but does not download actual firmware. Complete automatic firmware update funtionality will be provided in future release.

Enhancements and bug fixes

[Web UI] Fix bug when app categories were not showing up in basic queue in safari. Discussed here

  • [Web UI] Fix EdgeOS compromise due to XSS in encoder error handling
  • [Web UI] Fix IP address validation bug in “Load Balancing2” wizard

[Web UI] Fix broken dashboard in Firefox. Discussed here

[Web UI] Fix bug when “Basic Setup” wizard with dhcp & vlan generates wrong NAT config. Discussed here

  • [BGP] Fix bug when “ribd” was constantly consuming 10% CPU with full BGP routing table. Discussed here

[Routing] Fix random “nsm” daemon crash when multiple interfaces flap simultaneously. Discussed here

[Routing] Fix incomplete default gateway when pppoe link fails. Discussed here

[Routing] Fix bug when “ribd” was sometimes stuck consuming 100% CPU after link to default gateway failed. Discussed here

  • [Routing] Fix bug when “set ip-next-hop x.y.z.w” route-map CLI command had no effect
  • [Routing] Fix bug when “show ip route” CLI command was showing “Network not in table” error instead of default gateway

[Routing] Fix bug when custom routing tables sometimes were not populated after boot. Discussed here

  • [Routing] Improve memory management in routing daemons (i.e. bgpd, nsm, ribd…).
  • [RIP] Fix wrong RIP distance. Discussed here
  • [VPLS] Show VPLS instance expiration time via “show vpls xxx mac-address” CLI command

[VPLS] Fix kernel crash when VPLS interface loses link. Discussed here

  • [Interfaces] Add VLAN to pseudo-ethernet interface configuration
  • [Interfaces] Allow switch0 to be added to br0 on ER-X
  • [Interfaces] Add “proxy_arp_pvlan” option to VLAN interfaces
  • [Interfaces] Add ipip6 encapsulation to ipv6-tunnel interface
  • [Interfaces] Setup default multicast routes over GRE ipv6 PtP links
  • [Interfaces] The auto-negotiation of SFP port on ER-X-SFP and EP-R6 is changed to enabled by default. Discussed here
  • [CLI] Add warning message when saving config to non-default location
  • [CLI] Change commit-confirm message
  • [DHCP] Fix remote command injection through DHCP request

[DHCP] Fix high CPU load when diffing DHCP lease files. Discussed here

  • [DHCP] Fix garbage output when running “show dhcpv6-pd duid” CLI command on ER-X
  • [DHCP] Fix error when DHCP static lease with dot in name (i.e. “lch.cern”) was not written to /etc/hosts and thus could not be resolved by dnsmasq. Discussed here
  • [Firewall] Add vtun6 interface type to mss-clamp6 firewall option
  • [Firewall] Fix bug when “show firewall statistics” CLI command ignored ipv6-tunnel interface

[Kernel] Add fix for CVE-2016-5696. Discussed here

  • [Kernel] Enable “netconsole” on ER-X

[NTP] Remove deprecated “dynamic” NTP option. Discussed here

[IPsec] Fix IPSec over IPv6 conditional expression bug. Discussed here

  • [L2TP] Fix bug when L2TP config was not cleared from ipsec config files after deletion
  • [IPsec] Fix bug when VPN configuration disappears after reboot if ‘dhcp-interface’ has no address. Discussedhere
  • [UPNP] Fix UPnP2 firewall rules
  • [DNSmasq] Fix bug when dnsmasq config becomes corrupted if DHCP server exports static route. Discussed here
  • [LoadBalancing] Fix bug when L2TP interface lost connectivity in load-balancing scenario because connected routes got deleted from load balancing routing tables. Discussed here

Updated software components

  • [Kernel] - Fix CVE-2016-5195 aka “Dirty COW”. Discussed here
  • [PHP] - Upgraded PHP to 7.0.12. Fix: CVE-2016-7418, CVE-2016-7417, CVE-2016-7416, CVE-2016-7414, CVE-2016-7413, CVE-2016-7412, CVE-2016-7411, CVE-2016-7134, CVE-2016-7133, CVE-2016-7132, CVE-2016-7131, CVE-2016-7130, CVE-2016-7129, CVE-2016-7128, CVE-2016-7127, CVE-2016-7126, CVE-2016-7125, CVE-2016-7124

Known issues

  • [IPSec] IPSec ofload on ER-X/ER-X-SFP/EP-R6 platforms is causing packet corruption of L2TP and IPV6 site-to-site VPN traffic. Discussed here and here. If you are using either L2TP or IPv6 site-to-site VPN then you should disable IPSEc offload:set system offload ipsec disablecommitsavereboot
  • [Interfaces] The auto-negotiation of SFP port on ER-X-SFP and EP-R6 is changed to enabled by default. Discussed here. This change may affect the SFP link. If you need fixed 1000/full on eth5, please configure it via CLI:
    set interfaces ethernet eth5 speed 1000set interfaces ethernet eth5 duplex full

1.9.1.1固件硬件加速ipsec是否开启的问题?
#2

[Interfaces] Add VLAN to pseudo-ethernet interface configuration
请问下这个是什么功能?:slight_smile:


#3

虚拟接口配置vlan ,虚拟接口可用在一线多拨
https://bbs.ui.com.cn/t/edgerouter/42995/1


#4

原来是这样。这个版本发布了吗?官网我好像找不到。


#5

Google一下肯定搜得到


#6

:L…这也要出国?


#7

问下楼主,是这个吗?12.22的
1.png


#8

国外链接下载好慢啊


#9

搜索东西第一个想到的肯定是Google
如果是Google搜索不到(比如这样或那样的客观原因),那么再考虑别的搜索引擎


#10

为啥不给下载了?:frowning:


#11

请访问www.ubnt.com.cn/download666.jpg


#12

感谢!
顺利升级


#13

如果开启IPSec会怎样呢?


#14

有更新了?QQ截图20170612081346.png


#15

是的,发布1个多月了。


#16

官方最新版固件:EdgeRouter X v1.9.7

请版主更新