Major release of the firmware is version 6.3.0. brings significant improvements and some extra features. Full change log can be found in Release Notes.
Let's start with some security updates:
- Update of
OpenSSHlibrary- Updated the
OpenSSHlibrary to version 8.5p1. This update has fixed CVE-2020-14145 (medium) and CVE-2020-15778 (high). For more details about this release, see thewebpage at https://www.openssh.com/releasenotes.html.
- Updated the
- Update
OpenVPNprogram- Updated the
openvpnprogram to version 2.4.11. This update has fixed CVE-2020-15078. For more details about this release, see the webpage at https://openvpn.net/community-downloads/
- Updated the
- Update
StrongSwanprogram- Update to version 5.9.2. For more details about this release, see the webpage at https://wiki.strongswan.org/version
New features
Important security updates out of the way, we can look at new addition to web interface and new programs added.
Multiple SSIDs
Support for two independent SSIDs (WLANs) for the WiFi AP mode. There are two independent configuration pages in the GUI called Access Point 1 and Access Point 2.
Route-based VPN policy
Significant enhancement of the IPsec functionality in this firmware release.
The route-based VPN policy is now supported. So both, policy-based and route-based VPN approaches are supported by Advantech routers.
IPsec Certificate-chain Validation
Added support for the certificate-chain based validation to the IPsec tunnel functionality. In the IPsec configuration, users may define a CA certificate without specifying a remote peer certificate. This will accept all peers with certificates signed by this CA.
Updated Syslog Format
Syslog message was changed to meet the RFC 3164 standard. Now, each message has a facility and severity code assigned. The new format enables integration with external log monitoring tools allowing to react in significant events, such as an authentication failure is. Note that the textual output in the router GUI remains no affected by this update.
Here is an example of the new message format, starting with the facility and severity number:
<38>Jul 27 13:41:29 https: user ’root’ logged in from 192.168.1.1
Fix RS232 hardware flow control
Download
| Model | Version | Download |
|---|---|---|
| ICR-3232 | 6.3.0 | Firmware - zip |
| SR-308xxxxx | 6.3.0 | Firmware - zip |
| ICR-3232W | 6.3.0 | Firmware - zip |
| LR77-v2 | 6.3.0 | Firmware - zip |
| LR77-v2 Libratum | 6.3.0 | Firmware - zip |
| UR5i-v2 | 6.3.0 | Firmware - zip |
| UR5i-v2 Libratum | 6.3.0 | Firmware - zip |
