NRSW Releases

For an overview on NetModule Router Software (NRSW) see the NRSW factsheet.

Release Types

There are two types of software releases.

Mainline Releases

Mainline releases have stable functionality and are fully system tested. This releases include bug fixes and small features and are released on a quarterly basis at the end of January, April, July and October (increase of the last number in the release version, e.g. 3.8.0.106). New releases with a bundle of new features appear about every year (increase of the second number in the release version, 3.8.0.100).

You find all mainline releases and accompanying release notes on our FTP server.

Subscribe to our NetModule Insights mailing if you wish to be informed about new releases.

Feature Releases

New features, e.g. hardware support for new modules or new products are first introduced in so-called feature releases. After successful field tests and if there is a general need for those new features they will become part of future mainline releases. Feature releases are based on a prior mainline release and have the third number in the version increased (e.g. 3.8.1 or 3.8.2).

You find all feature releases on our FTP server under “testing”.

Release History

New in Version 4.0

Feature First introduced
Firmware Update for Sierra Wireless MC74xx Modems: It is now possible to upgrade the firmware for Sierra MC74xx modems. 4.0.0.108
TCP Timestamps: TCP timestamps are part of the PAWS (Protection Against Wrapped Sequence numbers) mechanism which avoid that TCP sequence numbers will wrap and break long data stream transfers on a very fast network connection. However, if TCP timestamps are enabled, a remote attacker can guess the uptime of the system which may indicate that no recent security patches have been applied. If desired, this option can be turned off now. 4.0.0.107
SCEP CA Identifier: We have added option to configure the CA identifier which is used to pair with the SCEP server. 4.0.0.107
Number of Firewall Groups/Rules: The number of firewall groups has been increased from 5 to 10. The number of firewall rules has been increased from 35 to 50. 4.0.0.107
Secondary DHCP Relay Server: It is now possible to specify a secondary DHCP relay server. 4.0.0.107
GPS Flap Detection: Under some rare circumstances it happened that the GPS signal was flapping and not getting stable anymore. It is now possible to set surveyor.gnss.maxflaps (max. number of flaps per 5min) and reset the module if exceeded. 4.0.0.107
QoS and WLAN EAP: If QoS was operating on a WLAN interface it may have happened that EAP packets were not delivered in in-time. They will now pass through the scheduler without any restriction. 4.0.0.107
New Events: Added system-error and system-no-error events which indicate service failures. 4.0.0.107
Signature Algorithm for Certificates: It is now possible to configure the signature algorithm used when creating certificates. 4.0.0.107
Improved SMS Management: The SMS daemon is now able to handle scrambled message indexes. Usually this does not happen but will be covered now. 4.0.0.107
IP Address of WLAN Clients: The IP address of WLAN clients will now be shown in CLI/GUI even if it has not been assigned via DHCP. 4.0.0.107
Drop ICMP Packets with Timestamps: With ICMP timestamps enabled, a remote attacker might be able to guess the uptime of the system. Thus, any ICMP packets containing timestamps are now being dropped. 4.0.0.107
Serial Attributes for IBIS: It is now possible to configure all required serial attributes for the IBIS interface. 4.0.0.107
Power Down on Deactivated USB Ports: Deactivated USB ports will be now without power. 4.0.0.106
SDK Debug Levels: It is now possible to set, get and reset the debug level of system daemons. 4.0.0.106
Updating Backup Configuration: The backup configuration, i.e. the configuration stored during a software update, can now be updated by using the CLI with -b switch. The corresponding configuration will be applied when the software update is being finished at next reboot. 4.0.0.106
CLI Virtualization Status: The CLI is now able to display status information about any running virtual guests. 4.0.0.105
Band Selection for Sierra MC7430: It is now possible to select the preferred band for the Sierra MC7430. Operation in LTE band 28 has been verified with Australian provider Telstra. 4.0.0.105
Serial Device Server Keepalive: The device server for serial ports is now supporting the keepalive NOP command when using the telnet protocol. 4.0.0.105
More DHCP Leases: The DHCP server does now support more than 100 leases. 4.0.0.105
SDK Arguments: The arguments for SDK scripts can now contain slashes and colons. 4.0.0.105
Support for Huawei MC7430: The Huawei MC7430 is now supported. This modem does not support voice calls yet. 4.0.0.104
New SDK Functions: USSD requests can now be issued using the nb_ussd_query function. We further added an uptime function which returns the number of seconds since bootup. 4.0.0.104
DHCP Server on Alias Address: The DHCP server was restricted to operate on the primary address. It can also use the alias address now. 4.0.0.104
NB2800 Console: It’s now possible to enable the printout of the serial console. 4.0.0.104
NB2800 Voice Gateway: The NB2800 supports now up to 4 voice modems with up to 3 concurrent channels. 4.0.0.104
LXC Device Configuration: It is now possible to configure CAN devices which will be available in the LXC guest. 4.0.0.104
New SNMP Extensions: The nbGnssTable is now showing horizontal speed, vertical speed and the track angle. The nbAdminTable is now showing the current system date. Counters for downloaded/uploaded data in the nbWanTable are now wrapped correctly. The IF-MIB is now returning proper ifOpenStatus values. We also fixed some typos in the VENDOR MIB description. 4.0.0.104
TAB Completion for parrotlog: The parrotlog application does now expand any parameter if the TAB key is hit. 4.0.0.104
Enhanced IPsec Supervision: IPsec tunnels will now be reloaded individually if they are down for 1 minute. The whole IPsec service will be restarted if all tunnels are down for 3 minutes. 4.0.0.104
Firewall Rules for OSPF: It is now possible to filter out OSPF packets by means of firewall rules. 4.0.0.103
Static Multicast Routing: We have added support for static multicast routes. Aparat from IGMP Proxy, they can be used to implement bidirectional multicast routing. 4.0.0.103
Console on Serial Port: The serial console can now be turned off completely. The KPL/KBOOT images are not required anymore. 4.0.0.103
SDK Transfers: The nb_transfer functions are now supporting ftps, https, imaps, pop3s, smtps and sftp. Files can now be downloaded to /tmp. We further fixed a flaw when checking URLs. 4.0.0.103
New SNMP Extensions: We have added the following SNMP extensions:
  • nbGnssTable:gnssNumSatUsed
  • nbAdmin::systemError
  • nbWanTable::wanDataDownloadedRoaming
  • nbWanTable::wanDataUploadedRoaming
  • nbWanTable::wanLinkNetmask
  • nbWwanTable::wwanIccid
  • nbWlanTable::wlanSignalStrength
  • nbWlanStationTable

Further, we have added tables of IF-MIB and IP-MIB.

4.0.0.103
Support for Disabling Ethernet Ports: It is now possible to turn off dedicated ports of the Ethernet Switch. 4.0.0.103
Support for En-/Disabling CAN Interfaces: It is now possible to turn on/off CAN interfaces by means of configuration settings. 4.0.0.103
Extended Storage: It is now possible to store syslog messages and SDK files on extended storage if available. 4.0.0.103
Additional DH Groups for IPsec: We have added Diffie-Hellman groups 16-21 used for IPsec. 4.0.0.103
Advanced Hardware Failure Detection: We are now detecting hardware failures at a very early stage and also periodically during runtime. 4.0.0.103
New Managed WLAN Implementation: We have upgraded to FreeWTP for managing WLAN access-points remotely. 4.0.0.103
USSD Queries on Sierra MC Modems: Sending USSD queries has been verified for Sierra MC7304/MC7354/MC7430/MC7455/MC9090. 4.0.0.103
Bootloader Password: The bootloader is now supporting SHA256 salted passwords. The password can now differ from the admin password. 4.0.0.103
WEP Hex Keys for WLAN Client: It is now possible to configure WEP40/WEP104 keys in ASCII and HEX notation. 4.0.0.102
Configurable IP-Passthrough Network: It is now possible to configure the WAN network which will be passed-through to a LAN host and to communicate with other devices in that network. 4.0.0.101
Firmware Update on NB2800/NB3800: Firmware updates can now be run on NB2800/NB3800. 4.0.0.101
SDK Workdays/Weekend Triggers: Triggering scripts only on workdays or weekend is now possible. 4.0.0.101
Kernel/System Upgrade: We have migrated to OpenWRT Chaos Calmer which includes an upgrade to Linux Kernel 3.18.16 and recent versions of the packages. This comes with improvements and security fixes for specific packages. The overall routing performance has been increased significantly. Please note that the toolchain has changed from 4.4.5_uClibc-0.9.31 to 4.8-linaro_uClibc-0.9.33.2. 4.0.0.100
Support for New Models: The new models NB2800 and NB3701/NB3711/NB3800 are now supported. 4.0.0.100
Support for New Modules: The following modules are now supported:
  • Huawei EM100
  • Huawei ME909s
  • Cellient MPL200 (LTE450)
  • GSM-R v2.0 with Voice support
  • Sierra MC7304/MC7354
  • Sierra MC7455
  • Sierra MC9090
  • Compex WLE600VX
  • u-blox NEO-M8L
4.0.0.100
Bridged GRE TAP Interfaces: It is now possible to bridge a GRE TAP tunnel to a LAN interface. 4.0.0.100
DynDNS TSIG Update: Support for dynamic DNS updates via TSIG has been added. Transaction SIGnature (TSIG) is a secure mechanism to authenticate updates of a zone in the DNS database. 4.0.0.100
Enhanced Certificate Management: The certificate management hast been enhanced. The signature algorithms SHA1, SHA256 and SHA512 and custom Diffie-Hellman primes can now be used when creating certificates. It is further possible to upload authorized keys used for authenticating at the SSH server. Certificate enrollment over SSCEP has been extended and made compatible with Microsoft Windows Server. 4.0.0.100
Enhanced Firmware Update: A progress bar is now shown when updating the firmware of a module. In addition, the update procedure for the modems ME909 and MU609 has been revised. 4.0.0.100
New Extensions for Extended Routes: It is now possible to force packets to be forwarded over a specific interface and discard them if the interface is down. 4.0.0.100
Disable USB Ports: The USB port can be disabled now in order to avoid running any USB code. The USB power supply remains active. 4.0.0.100
Support for USB Ethernet Asix Adapter: Asix-based USB Ethernet adapters are now supported. 4.0.0.100
Firewall Logging: Logging of firewall activities can now be achieved by enabling a flag in the firewall rule. This option generates system log entries if a rule has matched. 4.0.0.100
IKEv2 for IPsec: We have migrated to StrongSwan 5.3.4 and added support for IKEv2 and MOBIKE (RFC 4555). It is also possible to configure Perfect Forward Secrecy (PFS) in detail. 4.0.0.100
IPsec Expert Mode: IPsec expert mode files can now be generated and uploaded. Currently, this is limited to PKI server mode. 4.0.0.100
Ignition Voltage Sense: The ignition voltage sense feature of the NB2800 can be used to run a delayed halt of the system if the ignition voltage has dropped. 4.0.0.100
Improved WLAN Roaming: We improved WLAN background scanning to faster detect nearby stations which guarantess seamless handover to access points with higher signal strength. 4.0.0.100
Managed WLAN over CAPWAP: We have implemented the Control And Provisioning of Wireless Access Points (CAPWAP) protocol according to RFC 5415. With CAPWAP it is possible to control and monitor the WLAN access-point of the router remotely. 4.0.0.100
Masquerading by Source Address: It is now possible to perform masquerading for specific source addresses. 4.0.0.100
Multipath TCP: Support for Multipath-TCP (RFC 6824) has been added. MPTCP can be used to establish a TCP connection with multiple paths in order to maximize resource usage and increase redundancy. 4.0.0.100
Multiple Admin Accounts: Configuring multiple admin users is now possible. 4.0.0.100
NAPT Enhancements: The target or source address can now be specified for NAPT rules. 4.0.0.100
OPC-UA SDK Functions: The SDK has been extended with functions to communicate with an OPC-UA server. The OPC Unified Architecture (OPC-UA) protocol suite provides a cross-platform service-oriented architecture and corresponds to an industry standard that enables software to connect devices, machines and systems from different manufacturers using same interface. 4.0.0.100
OSPF/BGP: The Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP) routing protocols have been added. 4.0.0.100
Multiple OpenVPN Client Networks: It is now possible to specify multiple client networks behind an OpenVPN tunnel. 4.0.0.100
SDK Extensions: We added support for PCRE (Perl Compatible Regular Expressions) in SDK scripts. It is also possible now to send SNMPv3 trap/inform notifications. Functions for mounting and accessing storage media have been extended. The recvmsg function is now able to return the source address of the sender. Using the nb_userpage_register function one can now create webpages which are also visible for non-admin users. 4.0.0.100
Partial Configuration Update: It is now possible to update the system configuration partially, that means only specific parts of the configuration without resetting other values to factory default. 4.0.0.100
QoS Bandwidth Congestion: QoS has been extended to automatically measure the bandwidth of a link and adapt the queue sizes accordingly. 4.0.0.100
QoS for OpenVPN: Running QoS on top of OpenVPN connections is now possible. 4.0.0.100
RSTP: It’s now possible to perform the Rapid Spanning Tree Protocol (RSTP) according to IEEE 802.1D on top of software-bridged Ethernet ports. 4.0.0.100
SMS Short Number: Support for sending messages to short codes has been added. 4.0.0.100
New WWAN Features: The required signal strength can now be specified by means of link quality levels rather than just the RSSI value. You can now further specify the mobile bands to which the modem shall register (if supported). 4.0.0.100
SNMP Extensions: We have extended the nbAdminTable for storing and scheduling software and configuration updates. Please take a look at the VENDOR-MIB for getting further information. 4.0.0.100
Updates over SFTP: Software and configuration updates over SFTP are now possible. 4.0.0.100
Virtualization with LXC: We added support for LXC (see linuxcontainers.org ) which allows customers to set up an isolated operating system for running any third-party applications. 4.0.0.100
Additional WLAN Features: We have added support for Protected Management Frames (PMF) according to IEEE 802.11w. It is further possible now to limit the available ciphers and run 802.11n with CCMP only. One may also enable the SGI20/SGI40 option if supported by the WLAN module. 4.0.0.100
CoovaChilli Hotspot: The CoovaChilli captive portal can be provided over a dedicated software release including support for Walled Gardens, RADIUS accounting and bandwidth limiting. 4.0.0.100

New in Version 3.8

Feature First introduced
Support for USB Ethernet Asix Adapter: Asix-based USB Ethernet adapters are now supported 3.8.0.107
Sender Network for IGMP Proxy: The configuration of a dedicated sender network for the IGMP proxy has been added. 3.8.0.107
Support for 802.11w Protected Management Frames: It’s now possible to force 802.11w Protected Management Frames when running as WLAN client or access-point. 3.8.0.106
No Configuration Secrets in TechSupport: It is now possible to create a TechSupport file without configuration secrets. 3.8.0.105
Increased Volume for Voice Calls: It is now possible to further increase the volume level for voice calls. 3.8.0.104
Multicast Downstream Interfaces: We have added support for setting up multiple downstream interfaces for the IGMP proxy. 3.8.0.104
GPS Supervision: Supervising the GPS service can be configured now more precisely via the Web Manager. 3.8.0.104
Firmware Update Huawei MU609/ME909: New firmware updates for the Huawei MU609/ME909 modems are now available. They can be found on our FTP server. 3.8.0.103
IPSec Configuration: We added a continue button for the IPsec pages which allows the user to apply a full set of parameters values at the end of the configuration process. 3.8.0.103
DynDNS Status: We have added an additional status page which informs about any DynDNS activities. 3.8.0.103
LTE Bands 1/5 on Huawei ME909: Support for LTE Bands 1 and 5 on Huawei ME909 has been added. 3.8.0.103
Larger SMS Spool Size: The SMS spool size has been enlarged to spool up to 10 short messages. 3.8.0.103
OpenVPN Upgrade: OpenVPN has been upgraded to 2.3.7. This version is able to run connections with cipher none again. 3.8.0.102
New IPsec Algorithms: The encryption algorithm AES192 (for phase 1) and the authentication algorithm SHA2-256 (for phase 2) are now supported. 3.8.0.102
New GUI Features: Within the GUI it is now possible to query the latest software version available at our FTP server. It can be also queried by running update software latest -v in the CLI. The TOS value for QoS services can be specified numerically now, we further added redundancy events to figure out the current VRRP master/slave state. The GUI will now throw a warning when using an SSL connection and the CA is not trusted. Trusted certificate authorities can be uploaded in the certificate section. In case the GUI is embedded in an other GUI application or if GUI ports are NATed, the user may consider setting http.embed=1 to make page redirection work properly. 3.8.0.102
Enhancements for RS485 Module: The RS485 extension port has received a larger ring buffer and one can also turn the hardware flow control on or off now. 3.8.0.102
Multicast Uptream Interface: It is now possible to configure now any interface as upstream interface for the IGMP proxy. 3.8.0.102
Digital Input Port Measurement: It is now possible to measure the number of toggles of an digital input port. They can be counted by the SDK function nb_dio_count. 3.8.0.102
New SMS Features: It is now possible to send messages with up to 1024 characters. According to 3GPP TS 23.040, they will be split into multiple chunks with 160 characters each and will be concatenated upon reception. Depending on your modem, you can also request now a delivery report for a sent message. 3.8.0.101
PCRE for SDK Scripts: It is now possible to use PCRE (Perl Compatible Regular Expressions) in SDK scripts. Please refer to the language manual for getting more information about how to use them. 3.8.0.101
Certificate Verification: Uploaded or generated keys/certificates will now be verified and the GUI will moan about any certificate errors (e.g. if not yet valid). 3.8.0.101
OpenVPN Expert Mode File Export: Users are now able to download an OpenVPN expert mode file from a previous standard configuration. 3.8.0.101
Reset Statistics: It is now possible to reset the WAN link statistics (data downloaded/uploaded) with CLI and SDK scripts. 3.8.0.101
Support for new product types: NB2710, NB3710. 3.8.0.100
Support for new internal modems: Huawei MU609 (successor of GTM661W and EM820W). 3.8.0.100
Support for extension modules: NetModule PCIe cards for Audio, CAN, RS-485, IBIS slave and RS-232. 3.8.0.100
Enhanced voice gateway: SIP/RTCP support, user agent, Voice support for ME909. 3.8.0.100
Multicast routing with IGMP proxy: An Internet Group Management Protocol (IGMP) proxy will track multicast group membership information of all LAN interfaces and forward multicast packets as received on the hotlink interface. Sender networks can be specified by adding appropriate host/network routes on the corresponding WAN interface. IGMP is specified in RFC 3376 . 3.8.0.100
Router Discovery for IPv4: Clients can now discover NetModule Routers using the ICMP Internet Router Discovery Protocol (IRDP) according to RFC 1256. 3.8.0.100
Multiple WLAN SSIDs: Multiple SSIDs can now be configured. The router will connect to the SSID with highest priority. 3.8.0.100
IPSec XAUTH (extended authentication): Support for road warrior applications. 3.8.0.100
Certificate management: NetModule Routers can now request digital certificates at the certificate authority using the Simple Certificate Enrollment Protocol (SCEP) according to the current SCEP Internet-Draft. 3.8.0.100
Support for assisted GPS (A-GPS): A-GPS is a system that is often able to significantly improve the startup performance, or time-to-first-fix (TTFF), of a GPS satellite-based positioning system. 3.8.0.100
DynDNS improvements: Support for Dynamic DNS update according to RFC 2136 and support for GnuDIP Dynamic IP DNS service. 3.8.0.100
SDK extensions: New API functions for SNMP, voice, CAN and Modbus, see latest SDK API manual. 3.8.0.100
Module firmware update: The firmware of internal modules can now be updated. Supported modules include modems, CAN, IBIS and audio modules. 3.8.0.100
TFTP server: A TFTP server has be included. It can be enabled by cli set tftpd.status=1. The directory can be set by cli set tftpd.directory=/path/. 3.8.0.100
FTP server: A TFTP server has be included. It can be enabled by cli set ftpd.status=1. The FTP directory is located in /home/<user>. Note that root is not allowed as FTP user. 3.8.0.100
Unified OpenVPN configuration files: Unified OpenVPN configuration files containing configuration parameters, root certificate (ca), client certificate (cert) and the client private key (key) can now be imported as a single client.ovpn file. 3.8.0.100
Bridged VLAN interfaces: VLAN interfaces can now be bridged. 3.8.0.100
Transparent Firewall: Unobstrusive IP filtering on NB1600 with bridged Ethernet ports. 3.8.0.100
Speed-test client: A command line version of the speedtest.net client has been integrated. Just type speed-test in the root console. 3.8.0.100
Upgrades for packages: gpsd, curl, chronyd, php, openvpn, openssl, dropbear, openswan, wlan, wpa_supplicant and hostapd have been updated. 3.8.0.100
Kernel modules: The kernel modules cdc_acm and ftdi_sio are now present. They are required for our PCIe cards but are also helpful to drive other USB based equipment such as the Bluegiga BLED112 BLE dongle. 3.8.0.100
Internal software optimizations: Improved config conversion, boot time reduction thanks to new wwanmd. 3.8.0.100

New in Version 3.7

Feature First introduced
LTE Bands 1/5 on Huawei ME909: Support for LTE Bands 1 and 5 on Huawei ME909 has been added. 3.7.0.107
Support for Huawei MU609: The Huawei MU609 modem is now supported. 3.7.0.104
USSD Codes via CLI: The CLI is now able to send/query USSD codes. For instance, one may query the first modem by running: 3.7.0.104
SNMP Admin Access: For SNMPv1/v2, it is now possible to specify a whole subnet rather than just a host which will be privileged for administrative access. 3.7.0.104
SDK Events: We have added an function which is able to retrieve additional options for an event. 3.7.0.104
DHCP Hostname: The GUI status pages are now listing the hostname of DHCP clients (if provided). 3.7.0.104
Legal Notice: A dedicated GUI page under SYSTEM is now pointing out that NRSW contains in part open source software that may be licensed under GPL, LGPL or other open source licenses. It further provides detailed information for each package now, including the relevant license text and the corresponding source URL. The user is now obliged to accept our end user license agreement during the initial setup of the router. We remind you that the source code of any package can be obtained by contacting our technical support at router@support.netmodule.com. 3.7.0.103
Redundancy Status: The VRRP redundancy status including the currently active role can now be shown with CLI. If configured, OpenVPN will be restarted in case the redundancy role changes. 3.7.0.103
Other Remote IDs for IPSec PKI Clients: It is now possible to specify other remote IDs (FQDN, IP address, etc) when running IPSec as PKI client. Formerly, this has been derived from the Common Name of the certificate only. 3.7.0.103
Increased Number of IPSec Networks: It is now possible to specify up to 10 networks for each IPSec tunnel. 3.7.0.103
OpenVPN Duplicates: One single certificate can be used now for multiple clients by setting the following config option: openvpn.tunnel.x.duplicates=allow. 3.7.0.103
Enhanced WLAN Details: The currently associated WLAN network name (SSID) as well as the DHCP address for WLAN stations can be obtained now with GUI and CLI. The number of received/transmitted bytes are shown correctly now. 3.7.0.103
Control Debug Levels Via CLI: The debug levels of applications can now be controlled by debug -l <level> <target>. 3.7.0.102
Send Hostname in DHCP Discover: The hostname of the box is now submitted in DHCP discover requests (option 12 and 81) which can be used to identify the client and assign a corresponding IP address. 3.7.0.102
Switchback Option for Switchover Links: A configuration option was added which can be used to define an interval after which a switchover link will be teared down, letting links with better priority dial and come up again after the specified time. 3.7.0.102
Configurable Initial Ping of NTP Server: Time synchronisation was only triggered after the specified NTP servers have been pinged. This can be avoided now by means of a configuration option. 3.7.0.102
Clear Log Command: We have added a clear-log alias which can be used to clear any logfiles. 3.7.0.102
Watchdog Keepalive for Surveyor: We implemented a keepalive mechanism for the surveyor which is now periodically notifying the watchdog. If no keepalive has been received within a specific amount of time, the watchdog will reboot the system. 3.7.0.102
Support for CDMA with SIM: It is now possible to run CDMA in combination with a SIM card. 3.7.0.102
Update System Time via Config: It is now possible to update the system time by uploading a configuration file with system.time being set. This can be used for instance to bypass any issues regarding the expiration of uploaded certificates. 3.7.0.101
Ethernet Status: The status of the Ethernet interfaces can be derived now from the GUI and CLI. 3.7.0.101
OpenVPN Enhancements: It is now possible to specify the HMAC authentication digest for OpenVPN connections. In case of credential-based authentication, the username and password will be obtained now using the via-file method. Running as client, it is possible now to either connect to a single server or choose one of multiple servers in a random or failover way. 3.7.0.101
40-160V Power Supply: We have added support for a new power supply extension on NB3700 which is able to operate with a primary input voltage of 40-160V. 3.7.0.101
VLAN Priority: It is now possible to specify the priority for a VLAN interface according to 802.1p/d. 3.7.0.101
New SDK functions: We have added the seek function for repositioning the read/write file offset. It is also possible now to send specific SNMP traps by using the nb_send_trap function. 3.7.0.101
Disable Web Manager: It is now possible to completely turn off the Web Manager. 3.7.0.101
WLAN Station Inactivity: The maximum station inactivity of WLAN clients, i.e. the time until they will be declared as off, can be configured now. 3.7.0.101
Performance Improvements: We have applied multiple performance enhancements to the system which range from software related improvements up to faster hardware access. They offer a smarter interrupt handling for high-speed transfers over USB-based LTE modems, faster memory access and less-consuming Ethernet packet dispatching. WLAN connections are now operating with a proper transmit power. We have also optimized the watchdog to cope with high system load. Newer versions of NB1600/NB2700 are also shipping with a faster CPU now. 3.7.0.100
NTP Server Extensions: We have upgraded chronyd to the latest version 2.29.1 which improves compatibility for clients and also fixes some security isses. The NTP server has received additional options to tune its synchronization behaviour. The poll interval, for instance, can be configured now. It is further possible to control access from a particular subnet and to trigger synchronisation manually. 3.7.0.100
DHCP Server Extensions: The DHCP server is now able to operate as relay agent and relay server. For IP/MAC bindings we have added support for pre-defined static hosts and an option to ignore undefined hosts. Further DHCP options (such as Agent-ID or WINS server) can be specified now. 3.7.0.100
GPS Daemon Upgrade: The GPS daemon has been upgraded to version 3.9 which is now able to deliver GNSS information in JSON and NMEA format. Clients are nowadays using the new JSON format (see the Berlios site for getting more details). Therefore, it represents the factory default mode now. All legacy modes are still available and backward-compatible to 2.37 clients, so that the new server will integrate flawlessly in existing environments. 3.7.0.100
IP Aliases: Ethernet-based interfaces are now supporting IP aliases and most applications (HTTP, SSH, Telnet, NTP, etc) can be addressed by those. However, the voice server does not work with IP aliases. 3.7.0.100
New Provider Database: We have incorporated Gnome’s mobile broadband provider information in order to offer accurate and up-to-date provider settings (APN, username, password) when setting up a WWAN connection. 3.7.0.100
Support for Sierra MC7700/MC7750: The QMI-based Sierra MC7700 and MC7750 modems are now supported. 3.7.0.100
PPTP Changes: PPTP’s client network is now 192.168.250.0/24 by default and ProxyARP is active. 3.7.0.100
Support for Additional USB Devices (USB-Serial Adapters, USB-Ethernet Adapters, RNDIS Devices): External USB-based serial and network devices can now be embedded to the system, providing the same capabilities as onboard interfaces. They can be enabled by their vendor and product ID (wildcards are supported) and also be connected during runtime (hotplug). The range of available drivers provide support for pl2303- and ch341-based adapters (like the Prolific PL230 and ATEN UC232A) as well as pegasus-based Ethernet/RNDIS adapters. Please ask our support team whether your desired device is supported. 3.7.0.100
Improved Software Update: The new software update facility enables on-the-fly updates and requires almost no additional memory anymore. 3.7.0.100
New WLAN Features: We have added support for the WLE200NX module which allows 802.11a operation in the 5 GHz band. Please note that we do not support Dynamic Frequency Selection (DFS) at the moment, thus the range of channels is limited according to local regulations. Nevertheless, we have updated the registry database for operating with a proper transmit power in the available channels. We have also added support for 802.1x certificate-based authentication (WPA-EAP-TLS) and WEP when operating as client. The MTU of the WLAN interface can be configured now. 3.7.0.100
New SDK Functions: The virtual memory size of a script is now limited to 5MB and it can be monitored individually by the watchdog. The range of SDK API functions have been extended to:
  • Generating user-defined web pages
  • Listing, transferring or deleting files from an FTP or HTTP(s) server
  • Scanning available WWAN or WLAN networks
  • Various network-related functions (e.g. for sending ARP or WakeOnLAN packets)
  • Other system functions (e.g. sending SNMP traps)
3.7.0.100
IPsec Improvements: NAPT between IPsec peers (especially in case of holding the default route) works more reliably now. Broadcast packets are not encapsulated anymore. It is possible to configure the DPD action and force encapsulation. For roadwarrior configurations, the remote peer can be specified with 0.0.0.0. 3.7.0.100
SNMP Agent Enhancements: We have added SHA/AES for authentication via SNMPv3. Administrative access via SNMPv1/v2c is now possible from a distinctive subnet. 3.7.0.100
OpenVPN Enhancements: OpenVPN has been upgraded to version 2.3.2 and it is now feasible to operate with dynamic hostnames. Server and transfer network as well as MTU can be configured. 3.7.0.100
Firewall / NAPT Enhancements: It is now possible to specify IPsec interfaces, they can also be applied as additional selector for the outgoing interface. Addresses can be grouped and those groups can be used instead of adding multiple rules. By using the LOCAL specifier, it is possible to select packets coming or going to local applications of the box. 3.7.0.100
IP-Passthrough: It is now possible to implement a pass-through of the WWAN IP address towards a LAN host (e.g. first DHCP client). More or less, the system acts like a modem in such case which can be helpful in case of firewall issues. 3.7.0.100
Temperature Indication: The system will now show the board temperature (available on NB3700) as well as temperature values derived from sensors of the modems. 3.7.0.100
CLI Enhancements: The CLI is now showing additional information (such as WWAN download/upload rates, IMSI, ICCID and SIM number) as well as details about the running configuration (name, version, hash). Scanning WWAN and WLAN networks is now possible and it can be used to get debug messages and to generate/send tech reports. We have also added a history command for showing the list of previously entered commands. Startup and config operations will be much faster now 3.7.0.100
Distintive Supervision: It is now possible to configure ping supervision on a per-link basis. A retry interval option has been added for reducing the network footprint. We are also supervising any IPsec connections now in order to detect broken NAT peers. 3.7.0.100
New Options for Serial Device Server: Configuration options have been added for showing the banner and enabling remote control according: to RFC 2217. 3.7.0.100
Deployment: Systems can be deployed over CLI-PHP, HTTP, SSH and console by using an empty password in factory state. We are now supporting LLDP and CDP for device discovery. 3.7.0.100
Voice Daemon Enhancements: The system is able to receive mobile calls and dispatch them to SIP clients. 3.7.0.100
Support for CDMA 450: The Cellient MPN200 module and operation in CDMA 450 networks is now supported. 3.7.0.100
Support for Huawei ME909: The Huawei ME909 module is now generally supported. However, voice calls with this modem are not yet supported. 3.7.0.100
Secure SSL Client Connections: Client applications will now abort connections to servers with an invalid certificate. Trusted CA root certificates can be uploaded to bypass that. 3.7.0.100
Support for Multipath Routes: Multipath routes are now being supported. They can be used to distribute IP sessions over multiple hosts. In addition, WAN links can be configured as distributed interfaces in order to balance traffic in the same manner. 3.7.0.100
GRE Implementation: It is now possible to run GRE tunnels. However, we have not yet completely finished compatibility tests to other systems. 3.7.0.100
Quality of Service: We have implemented a QoS mechanism based on Linux’s advanced traffic control, so that the system is now capable of prioritizing and shaping bandwidth for particular IP services. 3.7.0.100
VLAN Implemenation: The Ethernet interfaces are now supporting Virtual LAN (VLAN) according to IEEE 802.1P/Q. 3.7.0.100