NRSW Releases

For an overview on NetModule Router Software (NRSW) see the NRSW factsheet.

Release Types

There are two types of software releases.

Mainline Releases

Mainline releases have stable functionality and are fully system tested. This releases include bug fixes and small features and are released on a quarterly basis at the end of January, April, July and October (increase of the last number in the release version, e.g. New releases with a bundle of new features appear about every year (increase of the second number in the release version,

You find all mainline releases and accompanying release notes on our FTP server.

Subscribe to our NetModule Insights mailing if you wish to be informed about new releases.

Feature Releases

New features, e.g. hardware support for new modules or new products are first introduced in so-called feature releases. After successful field tests and if there is a general need for those new features they will become part of future mainline releases. Feature releases are based on a prior mainline release and have the third number in the version increased (e.g. 3.8.1 or 3.8.2).

You find all feature releases on our FTP server under “testing”.

Release History

New in Version 4.1

Feature First introduced
Support for new eMMC chipsets: Due to an EOL notice we changed the eMMC chipset of NB2800. Support for this chipset was implemented.
OpenVPN pushed IP address: It is possible to apply the network settings pushed by OpenVPN server for a TAP device.
Consider only 3G/4G networks for WWAN data link: It is possible to restrict a WWAN interface to connect only on 3G or 4G networks.
Provide same USB drivers for all platforms: For our products different drivers for external USB serial or USB ethernet adapters had been shipped. We now provide the same drivers for all our routers. Please refer to our manual for detailed description of supported 3rd party hardware.
GUI improvements: A change of the IP of the WLAN AP in dual-mode operation did not automatically change the DHCP range appropriately. A SIM card which required a PIN did show “unknown” for pin protection in overview and “error” on SIM state until the correct PIN was applied. It is now possible to install LXC containers directly from the web interface on devices with virtualisation support. The web GUI does not offer HW flow control on internal serial ports which do not support this. The current IPsec status shown in the web interface was inconsistent at different locations. The status is shown identical everywhere now. A WAN interface on a disabled LAN port would show as “dialing” in the overview. That was fixed. It shows “disabled” now. On too many VLAN interfaces the GUI showed inconsistent data. WLAN networks which do not match on channel selection in WLAN dual mode are not selectable any more in the web GUI. The uptime of OpenVPN clients is shown in UTC in the web interface. That is explicitly mentioned now.
GPS required fix accuracy default value changed to 50m: The required accuracy for a GPS fix was changed from 15m to 50m.
Better help text on CLI: The help text for CLI was missing a parameter on firmware update.
New SNMP field showing the activation time of a new software update: Software update via SNMP is done in two steps: First the new release is updated, second is the activation of the previously updated software release. So far only the time stamp of the download could be obtained via SNMP. Now also the activation time stamp can be requested via SNMP.
WLAN client TLS version: It is now possible to configure the preferred TLS version for each WLAN client network if WPA-EAPTLS is configured.
SDK improvements: It is possible now to perform an incremental configuration update from the SDK now. This is analogue to the option “missing config directives will be ignored” in the web GUI.
Exclude WAN links from HotsPlots VPN: By default all available WAN links are used for transmission of Hotspot data. It is possible now to omit WAN links from data transmission.
Allow individual SSL settings for WPA-EAP-TLS: It is possible now to set up individual SSL settings for WLAN with WPA-EAP-TLS setup. Please contact our customer support if you need this feature.
Support for new configuration version 1.11: The new software release supports conversion of configuration files with version ID up to 1.11.
Limit band width per Wi-Fi client: In AP mode the maximum band-width may be limited per Wi-Fi client.
GUI improvements: On interfaces which show a minus symbol to remove entries (i.e. firewall rules) the corresponding setting was deleted immediately. This is now safeguarded by an alert to prevent accidental remove of settings.
Firmware blobs: To comply with RED is not possible to load unsigned firmware blobs any more. All firmware blobs are signed now.
Timezone update: The timezone list has been updated to version 2017c.
SNMPv3 engine ID con1guration: Engine ID for SNMPv3 traps can be configured now.
CAN shield for NB800: The NB800 Dual-CAN shield is now fully supported.
WLAN drivers: The WLAN drivers have been updated to a newer version.
Bridge VLAN interfaces: Software bridge devices BR0 and BR1 were added to the options provided for bridged VLAN interfaces. This allows VLAN interfaces to be bridged with WLAN and layer two VPN (TAP) interfaces.
NB800 COM/IO shield: NB800 with COM/IO has now full support for IO interface.
Hayes AT Modem Emulator: Devices with serial interface provide a Hayes AT Modem Emulator. This can be used to replace existing modem based data-call applications. For further information read our case study.
WLAN SSID: The WLAN SSID configuration via webgui has been revised to allow more special characters.
Hostapd and wpa-supplicant updates: Hostapd and wpa-supplicant were updated to version 2017-08-24.
WLAN firmware update: The WLAN chipset firmware files of the NB800 and routers with an 802.11ac WLAN chipset were updated to a newer version.
Regulatory Database: The wireless regulatory database is handled as firmware file now.
Mobile IP services: Starting with release Mobile IP is activated by default and does not require an extra software license.

New in Version 4.0

Feature First introduced
Provide same USB drivers for all platforms: For our products different drivers for external USB serial or USB ethernet adapters had been shipped. We now provide the same drivers for all our routers. Please refer to our manual for detailed description of supported 3rd party hardware.
GUI improvements: A SIM card which required a PIN did show “unknown” for pin protection in overview and “error” on SIM state until the correct PIN was applied. The current IPsec status shown in the web interface was inconsistent at different locations. The status is shown identical everywhere now. A WAN interface on a disabled LAN port would show as “dialing” in the overview. That was fixed. It shows “disabled” now.
New SNMP field showing the activation time of a new software update: Software update via SNMP is done in two steps: First the new release is updated, second is the activation of the previously updated software release. So far only the time stamp of the download could be obtained via SNMP. Now also the activation time stamp can be requested via SNMP.
Allow individual SSL settings for WPA-EAP-TLS: It is possible now to set up individual SSL settings for WLAN with WPA-EAP-TLS setup. Please contact our customer support if you need this feature.
Support for new configuration version 1.11: The new software release supports conversion of configuration files with version ID up to 1.11.
Firmware Update for Sierra Wireless MC74xx Modems: It is now possible to upgrade the firmware for Sierra MC74xx modems.
TCP Timestamps: TCP timestamps are part of the PAWS (Protection Against Wrapped Sequence numbers) mechanism which avoid that TCP sequence numbers will wrap and break long data stream transfers on a very fast network connection. However, if TCP timestamps are enabled, a remote attacker can guess the uptime of the system which may indicate that no recent security patches have been applied. If desired, this option can be turned off now.
SCEP CA Identifier: We have added option to configure the CA identifier which is used to pair with the SCEP server.
Number of Firewall Groups/Rules: The number of firewall groups has been increased from 5 to 10. The number of firewall rules has been increased from 35 to 50.
Secondary DHCP Relay Server: It is now possible to specify a secondary DHCP relay server.
GPS Flap Detection: Under some rare circumstances it happened that the GPS signal was flapping and not getting stable anymore. It is now possible to set surveyor.gnss.maxflaps (max. number of flaps per 5min) and reset the module if exceeded.
QoS and WLAN EAP: If QoS was operating on a WLAN interface it may have happened that EAP packets were not delivered in in-time. They will now pass through the scheduler without any restriction.
New Events: Added system-error and system-no-error events which indicate service failures.
Signature Algorithm for Certificates: It is now possible to configure the signature algorithm used when creating certificates.
Improved SMS Management: The SMS daemon is now able to handle scrambled message indexes. Usually this does not happen but will be covered now.
IP Address of WLAN Clients: The IP address of WLAN clients will now be shown in CLI/GUI even if it has not been assigned via DHCP.
Drop ICMP Packets with Timestamps: With ICMP timestamps enabled, a remote attacker might be able to guess the uptime of the system. Thus, any ICMP packets containing timestamps are now being dropped.
Serial Attributes for IBIS: It is now possible to configure all required serial attributes for the IBIS interface.
Power Down on Deactivated USB Ports: Deactivated USB ports will be now without power.
SDK Debug Levels: It is now possible to set, get and reset the debug level of system daemons.
Updating Backup Configuration: The backup configuration, i.e. the configuration stored during a software update, can now be updated by using the CLI with -b switch. The corresponding configuration will be applied when the software update is being finished at next reboot.
CLI Virtualization Status: The CLI is now able to display status information about any running virtual guests.
Band Selection for Sierra MC7430: It is now possible to select the preferred band for the Sierra MC7430. Operation in LTE band 28 has been verified with Australian provider Telstra.
Serial Device Server Keepalive: The device server for serial ports is now supporting the keepalive NOP command when using the telnet protocol.
More DHCP Leases: The DHCP server does now support more than 100 leases.
SDK Arguments: The arguments for SDK scripts can now contain slashes and colons.
Support for Huawei MC7430: The Huawei MC7430 is now supported. This modem does not support voice calls yet.
New SDK Functions: USSD requests can now be issued using the nb_ussd_query function. We further added an uptime function which returns the number of seconds since bootup.
DHCP Server on Alias Address: The DHCP server was restricted to operate on the primary address. It can also use the alias address now.
NB2800 Console: It’s now possible to enable the printout of the serial console.
NB2800 Voice Gateway: The NB2800 supports now up to 4 voice modems with up to 3 concurrent channels.
LXC Device Configuration: It is now possible to configure CAN devices which will be available in the LXC guest.
New SNMP Extensions: The nbGnssTable is now showing horizontal speed, vertical speed and the track angle. The nbAdminTable is now showing the current system date. Counters for downloaded/uploaded data in the nbWanTable are now wrapped correctly. The IF-MIB is now returning proper ifOpenStatus values. We also fixed some typos in the VENDOR MIB description.
TAB Completion for parrotlog: The parrotlog application does now expand any parameter if the TAB key is hit.
Enhanced IPsec Supervision: IPsec tunnels will now be reloaded individually if they are down for 1 minute. The whole IPsec service will be restarted if all tunnels are down for 3 minutes.
Firewall Rules for OSPF: It is now possible to filter out OSPF packets by means of firewall rules.
Static Multicast Routing: We have added support for static multicast routes. Aparat from IGMP Proxy, they can be used to implement bidirectional multicast routing.
Console on Serial Port: The serial console can now be turned off completely. The KPL/KBOOT images are not required anymore.
SDK Transfers: The nb_transfer functions are now supporting ftps, https, imaps, pop3s, smtps and sftp. Files can now be downloaded to /tmp. We further fixed a flaw when checking URLs.
New SNMP Extensions: We have added the following SNMP extensions:
  • nbGnssTable:gnssNumSatUsed
  • nbAdmin::systemError
  • nbWanTable::wanDataDownloadedRoaming
  • nbWanTable::wanDataUploadedRoaming
  • nbWanTable::wanLinkNetmask
  • nbWwanTable::wwanIccid
  • nbWlanTable::wlanSignalStrength
  • nbWlanStationTable

Further, we have added tables of IF-MIB and IP-MIB.
Support for Disabling Ethernet Ports: It is now possible to turn off dedicated ports of the Ethernet Switch.
Support for En-/Disabling CAN Interfaces: It is now possible to turn on/off CAN interfaces by means of configuration settings.
Extended Storage: It is now possible to store syslog messages and SDK files on extended storage if available.
Additional DH Groups for IPsec: We have added Diffie-Hellman groups 16-21 used for IPsec.
Advanced Hardware Failure Detection: We are now detecting hardware failures at a very early stage and also periodically during runtime.
New Managed WLAN Implementation: We have upgraded to FreeWTP for managing WLAN access-points remotely.
USSD Queries on Sierra MC Modems: Sending USSD queries has been verified for Sierra MC7304/MC7354/MC7430/MC7455/MC9090.
Bootloader Password: The bootloader is now supporting SHA256 salted passwords. The password can now differ from the admin password.
WEP Hex Keys for WLAN Client: It is now possible to configure WEP40/WEP104 keys in ASCII and HEX notation.
Configurable IP-Passthrough Network: It is now possible to configure the WAN network which will be passed-through to a LAN host and to communicate with other devices in that network.
Firmware Update on NB2800/NB3800: Firmware updates can now be run on NB2800/NB3800.
SDK Workdays/Weekend Triggers: Triggering scripts only on workdays or weekend is now possible.
Kernel/System Upgrade: We have migrated to OpenWRT Chaos Calmer which includes an upgrade to Linux Kernel 3.18.16 and recent versions of the packages. This comes with improvements and security fixes for specific packages. The overall routing performance has been increased significantly. Please note that the toolchain has changed from 4.4.5_uClibc-0.9.31 to 4.8-linaro_uClibc-
Support for New Models: The new models NB2800 and NB3701/NB3711/NB3800 are now supported.
Support for New Modules: The following modules are now supported:
  • Huawei EM100
  • Huawei ME909s
  • Cellient MPL200 (LTE450)
  • GSM-R v2.0 with Voice support
  • Sierra MC7304/MC7354
  • Sierra MC7455
  • Sierra MC9090
  • Compex WLE600VX
  • u-blox NEO-M8L
Bridged GRE TAP Interfaces: It is now possible to bridge a GRE TAP tunnel to a LAN interface.
DynDNS TSIG Update: Support for dynamic DNS updates via TSIG has been added. Transaction SIGnature (TSIG) is a secure mechanism to authenticate updates of a zone in the DNS database.
Enhanced Certificate Management: The certificate management hast been enhanced. The signature algorithms SHA1, SHA256 and SHA512 and custom Diffie-Hellman primes can now be used when creating certificates. It is further possible to upload authorized keys used for authenticating at the SSH server. Certificate enrollment over SSCEP has been extended and made compatible with Microsoft Windows Server.
Enhanced Firmware Update: A progress bar is now shown when updating the firmware of a module. In addition, the update procedure for the modems ME909 and MU609 has been revised.
New Extensions for Extended Routes: It is now possible to force packets to be forwarded over a specific interface and discard them if the interface is down.
Disable USB Ports: The USB port can be disabled now in order to avoid running any USB code. The USB power supply remains active.
Support for USB Ethernet Asix Adapter: Asix-based USB Ethernet adapters are now supported.
Firewall Logging: Logging of firewall activities can now be achieved by enabling a flag in the firewall rule. This option generates system log entries if a rule has matched.
IKEv2 for IPsec: We have migrated to StrongSwan 5.3.4 and added support for IKEv2 and MOBIKE (RFC 4555). It is also possible to configure Perfect Forward Secrecy (PFS) in detail.
IPsec Expert Mode: IPsec expert mode files can now be generated and uploaded. Currently, this is limited to PKI server mode.
Ignition Voltage Sense: The ignition voltage sense feature of the NB2800 can be used to run a delayed halt of the system if the ignition voltage has dropped.
Improved WLAN Roaming: We improved WLAN background scanning to faster detect nearby stations which guarantess seamless handover to access points with higher signal strength.
Managed WLAN over CAPWAP: We have implemented the Control And Provisioning of Wireless Access Points (CAPWAP) protocol according to RFC 5415. With CAPWAP it is possible to control and monitor the WLAN access-point of the router remotely.
Masquerading by Source Address: It is now possible to perform masquerading for specific source addresses.
Multipath TCP: Support for Multipath-TCP (RFC 6824) has been added. MPTCP can be used to establish a TCP connection with multiple paths in order to maximize resource usage and increase redundancy.
Multiple Admin Accounts: Configuring multiple admin users is now possible.
NAPT Enhancements: The target or source address can now be specified for NAPT rules.
OPC-UA SDK Functions: The SDK has been extended with functions to communicate with an OPC-UA server. The OPC Unified Architecture (OPC-UA) protocol suite provides a cross-platform service-oriented architecture and corresponds to an industry standard that enables software to connect devices, machines and systems from different manufacturers using same interface.
OSPF/BGP: The Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP) routing protocols have been added.
Multiple OpenVPN Client Networks: It is now possible to specify multiple client networks behind an OpenVPN tunnel.
SDK Extensions: We added support for PCRE (Perl Compatible Regular Expressions) in SDK scripts. It is also possible now to send SNMPv3 trap/inform notifications. Functions for mounting and accessing storage media have been extended. The recvmsg function is now able to return the source address of the sender. Using the nb_userpage_register function one can now create webpages which are also visible for non-admin users.
Partial Configuration Update: It is now possible to update the system configuration partially, that means only specific parts of the configuration without resetting other values to factory default.
QoS Bandwidth Congestion: QoS has been extended to automatically measure the bandwidth of a link and adapt the queue sizes accordingly.
QoS for OpenVPN: Running QoS on top of OpenVPN connections is now possible.
RSTP: It’s now possible to perform the Rapid Spanning Tree Protocol (RSTP) according to IEEE 802.1D on top of software-bridged Ethernet ports.
SMS Short Number: Support for sending messages to short codes has been added.
New WWAN Features: The required signal strength can now be specified by means of link quality levels rather than just the RSSI value. You can now further specify the mobile bands to which the modem shall register (if supported).
SNMP Extensions: We have extended the nbAdminTable for storing and scheduling software and configuration updates. Please take a look at the VENDOR-MIB for getting further information.
Updates over SFTP: Software and configuration updates over SFTP are now possible.
Virtualization with LXC: We added support for LXC (see ) which allows customers to set up an isolated operating system for running any third-party applications.
Additional WLAN Features: We have added support for Protected Management Frames (PMF) according to IEEE 802.11w. It is further possible now to limit the available ciphers and run 802.11n with CCMP only. One may also enable the SGI20/SGI40 option if supported by the WLAN module.
CoovaChilli Hotspot: The CoovaChilli captive portal can be provided over a dedicated software release including support for Walled Gardens, RADIUS accounting and bandwidth limiting.

New in Version 3.8

Feature First introduced
Support for USB Ethernet Asix Adapter: Asix-based USB Ethernet adapters are now supported
Sender Network for IGMP Proxy: The configuration of a dedicated sender network for the IGMP proxy has been added.
Support for 802.11w Protected Management Frames: It’s now possible to force 802.11w Protected Management Frames when running as WLAN client or access-point.
No Configuration Secrets in TechSupport: It is now possible to create a TechSupport file without configuration secrets.
Increased Volume for Voice Calls: It is now possible to further increase the volume level for voice calls.
Multicast Downstream Interfaces: We have added support for setting up multiple downstream interfaces for the IGMP proxy.
GPS Supervision: Supervising the GPS service can be configured now more precisely via the Web Manager.
Firmware Update Huawei MU609/ME909: New firmware updates for the Huawei MU609/ME909 modems are now available. They can be found on our FTP server.
IPSec Configuration: We added a continue button for the IPsec pages which allows the user to apply a full set of parameters values at the end of the configuration process.
DynDNS Status: We have added an additional status page which informs about any DynDNS activities.
LTE Bands 1/5 on Huawei ME909: Support for LTE Bands 1 and 5 on Huawei ME909 has been added.
Larger SMS Spool Size: The SMS spool size has been enlarged to spool up to 10 short messages.
OpenVPN Upgrade: OpenVPN has been upgraded to 2.3.7. This version is able to run connections with cipher none again.
New IPsec Algorithms: The encryption algorithm AES192 (for phase 1) and the authentication algorithm SHA2-256 (for phase 2) are now supported.
New GUI Features: Within the GUI it is now possible to query the latest software version available at our FTP server. It can be also queried by running update software latest -v in the CLI. The TOS value for QoS services can be specified numerically now, we further added redundancy events to figure out the current VRRP master/slave state. The GUI will now throw a warning when using an SSL connection and the CA is not trusted. Trusted certificate authorities can be uploaded in the certificate section. In case the GUI is embedded in an other GUI application or if GUI ports are NATed, the user may consider setting http.embed=1 to make page redirection work properly.
Enhancements for RS485 Module: The RS485 extension port has received a larger ring buffer and one can also turn the hardware flow control on or off now.
Multicast Uptream Interface: It is now possible to configure now any interface as upstream interface for the IGMP proxy.
Digital Input Port Measurement: It is now possible to measure the number of toggles of an digital input port. They can be counted by the SDK function nb_dio_count.
New SMS Features: It is now possible to send messages with up to 1024 characters. According to 3GPP TS 23.040, they will be split into multiple chunks with 160 characters each and will be concatenated upon reception. Depending on your modem, you can also request now a delivery report for a sent message.
PCRE for SDK Scripts: It is now possible to use PCRE (Perl Compatible Regular Expressions) in SDK scripts. Please refer to the language manual for getting more information about how to use them.
Certificate Verification: Uploaded or generated keys/certificates will now be verified and the GUI will moan about any certificate errors (e.g. if not yet valid).
OpenVPN Expert Mode File Export: Users are now able to download an OpenVPN expert mode file from a previous standard configuration.
Reset Statistics: It is now possible to reset the WAN link statistics (data downloaded/uploaded) with CLI and SDK scripts.
Support for new product types: NB2710, NB3710.
Support for new internal modems: Huawei MU609 (successor of GTM661W and EM820W).
Support for extension modules: NetModule PCIe cards for Audio, CAN, RS-485, IBIS slave and RS-232.
Enhanced voice gateway: SIP/RTCP support, user agent, Voice support for ME909.
Multicast routing with IGMP proxy: An Internet Group Management Protocol (IGMP) proxy will track multicast group membership information of all LAN interfaces and forward multicast packets as received on the hotlink interface. Sender networks can be specified by adding appropriate host/network routes on the corresponding WAN interface. IGMP is specified in RFC 3376 .
Router Discovery for IPv4: Clients can now discover NetModule Routers using the ICMP Internet Router Discovery Protocol (IRDP) according to RFC 1256.
Multiple WLAN SSIDs: Multiple SSIDs can now be configured. The router will connect to the SSID with highest priority.
IPSec XAUTH (extended authentication): Support for road warrior applications.
Certificate management: NetModule Routers can now request digital certificates at the certificate authority using the Simple Certificate Enrollment Protocol (SCEP) according to the current SCEP Internet-Draft.
Support for assisted GPS (A-GPS): A-GPS is a system that is often able to significantly improve the startup performance, or time-to-first-fix (TTFF), of a GPS satellite-based positioning system.
DynDNS improvements: Support for Dynamic DNS update according to RFC 2136 and support for GnuDIP Dynamic IP DNS service.
SDK extensions: New API functions for SNMP, voice, CAN and Modbus, see latest SDK API manual.
Module firmware update: The firmware of internal modules can now be updated. Supported modules include modems, CAN, IBIS and audio modules.
TFTP server: A TFTP server has be included. It can be enabled by cli set tftpd.status=1. The directory can be set by cli set
FTP server: A TFTP server has be included. It can be enabled by cli set ftpd.status=1. The FTP directory is located in /home/<user>. Note that root is not allowed as FTP user.
Unified OpenVPN configuration files: Unified OpenVPN configuration files containing configuration parameters, root certificate (ca), client certificate (cert) and the client private key (key) can now be imported as a single client.ovpn file.
Bridged VLAN interfaces: VLAN interfaces can now be bridged.
Transparent Firewall: Unobstrusive IP filtering on NB1600 with bridged Ethernet ports.
Speed-test client: A command line version of the client has been integrated. Just type speed-test in the root console.
Upgrades for packages: gpsd, curl, chronyd, php, openvpn, openssl, dropbear, openswan, wlan, wpa_supplicant and hostapd have been updated.
Kernel modules: The kernel modules cdc_acm and ftdi_sio are now present. They are required for our PCIe cards but are also helpful to drive other USB based equipment such as the Bluegiga BLED112 BLE dongle.
Internal software optimizations: Improved config conversion, boot time reduction thanks to new wwanmd.

New in Version 3.7

Feature First introduced
LTE Bands 1/5 on Huawei ME909: Support for LTE Bands 1 and 5 on Huawei ME909 has been added.
Support for Huawei MU609: The Huawei MU609 modem is now supported.
USSD Codes via CLI: The CLI is now able to send/query USSD codes. For instance, one may query the first modem by running:
SNMP Admin Access: For SNMPv1/v2, it is now possible to specify a whole subnet rather than just a host which will be privileged for administrative access.
SDK Events: We have added an function which is able to retrieve additional options for an event.
DHCP Hostname: The GUI status pages are now listing the hostname of DHCP clients (if provided).
Legal Notice: A dedicated GUI page under SYSTEM is now pointing out that NRSW contains in part open source software that may be licensed under GPL, LGPL or other open source licenses. It further provides detailed information for each package now, including the relevant license text and the corresponding source URL. The user is now obliged to accept our end user license agreement during the initial setup of the router. We remind you that the source code of any package can be obtained by contacting our technical support at
Redundancy Status: The VRRP redundancy status including the currently active role can now be shown with CLI. If configured, OpenVPN will be restarted in case the redundancy role changes.
Other Remote IDs for IPSec PKI Clients: It is now possible to specify other remote IDs (FQDN, IP address, etc) when running IPSec as PKI client. Formerly, this has been derived from the Common Name of the certificate only.
Increased Number of IPSec Networks: It is now possible to specify up to 10 networks for each IPSec tunnel.
OpenVPN Duplicates: One single certificate can be used now for multiple clients by setting the following config option: openvpn.tunnel.x.duplicates=allow.
Enhanced WLAN Details: The currently associated WLAN network name (SSID) as well as the DHCP address for WLAN stations can be obtained now with GUI and CLI. The number of received/transmitted bytes are shown correctly now.
Control Debug Levels Via CLI: The debug levels of applications can now be controlled by debug -l <level> <target>.
Send Hostname in DHCP Discover: The hostname of the box is now submitted in DHCP discover requests (option 12 and 81) which can be used to identify the client and assign a corresponding IP address.
Switchback Option for Switchover Links: A configuration option was added which can be used to define an interval after which a switchover link will be teared down, letting links with better priority dial and come up again after the specified time.
Configurable Initial Ping of NTP Server: Time synchronisation was only triggered after the specified NTP servers have been pinged. This can be avoided now by means of a configuration option.
Clear Log Command: We have added a clear-log alias which can be used to clear any logfiles.
Watchdog Keepalive for Surveyor: We implemented a keepalive mechanism for the surveyor which is now periodically notifying the watchdog. If no keepalive has been received within a specific amount of time, the watchdog will reboot the system.
Support for CDMA with SIM: It is now possible to run CDMA in combination with a SIM card.
Update System Time via Config: It is now possible to update the system time by uploading a configuration file with system.time being set. This can be used for instance to bypass any issues regarding the expiration of uploaded certificates.
Ethernet Status: The status of the Ethernet interfaces can be derived now from the GUI and CLI.
OpenVPN Enhancements: It is now possible to specify the HMAC authentication digest for OpenVPN connections. In case of credential-based authentication, the username and password will be obtained now using the via-file method. Running as client, it is possible now to either connect to a single server or choose one of multiple servers in a random or failover way.
40-160V Power Supply: We have added support for a new power supply extension on NB3700 which is able to operate with a primary input voltage of 40-160V.
VLAN Priority: It is now possible to specify the priority for a VLAN interface according to 802.1p/d.
New SDK functions: We have added the seek function for repositioning the read/write file offset. It is also possible now to send specific SNMP traps by using the nb_send_trap function.
Disable Web Manager: It is now possible to completely turn off the Web Manager.
WLAN Station Inactivity: The maximum station inactivity of WLAN clients, i.e. the time until they will be declared as off, can be configured now.
Performance Improvements: We have applied multiple performance enhancements to the system which range from software related improvements up to faster hardware access. They offer a smarter interrupt handling for high-speed transfers over USB-based LTE modems, faster memory access and less-consuming Ethernet packet dispatching. WLAN connections are now operating with a proper transmit power. We have also optimized the watchdog to cope with high system load. Newer versions of NB1600/NB2700 are also shipping with a faster CPU now.
NTP Server Extensions: We have upgraded chronyd to the latest version 2.29.1 which improves compatibility for clients and also fixes some security isses. The NTP server has received additional options to tune its synchronization behaviour. The poll interval, for instance, can be configured now. It is further possible to control access from a particular subnet and to trigger synchronisation manually.
DHCP Server Extensions: The DHCP server is now able to operate as relay agent and relay server. For IP/MAC bindings we have added support for pre-defined static hosts and an option to ignore undefined hosts. Further DHCP options (such as Agent-ID or WINS server) can be specified now.
GPS Daemon Upgrade: The GPS daemon has been upgraded to version 3.9 which is now able to deliver GNSS information in JSON and NMEA format. Clients are nowadays using the new JSON format (see the Berlios site for getting more details). Therefore, it represents the factory default mode now. All legacy modes are still available and backward-compatible to 2.37 clients, so that the new server will integrate flawlessly in existing environments.
IP Aliases: Ethernet-based interfaces are now supporting IP aliases and most applications (HTTP, SSH, Telnet, NTP, etc) can be addressed by those. However, the voice server does not work with IP aliases.
New Provider Database: We have incorporated Gnome’s mobile broadband provider information in order to offer accurate and up-to-date provider settings (APN, username, password) when setting up a WWAN connection.
Support for Sierra MC7700/MC7750: The QMI-based Sierra MC7700 and MC7750 modems are now supported.
PPTP Changes: PPTP’s client network is now by default and ProxyARP is active.
Support for Additional USB Devices (USB-Serial Adapters, USB-Ethernet Adapters, RNDIS Devices): External USB-based serial and network devices can now be embedded to the system, providing the same capabilities as onboard interfaces. They can be enabled by their vendor and product ID (wildcards are supported) and also be connected during runtime (hotplug). The range of available drivers provide support for pl2303- and ch341-based adapters (like the Prolific PL230 and ATEN UC232A) as well as pegasus-based Ethernet/RNDIS adapters. Please ask our support team whether your desired device is supported.
Improved Software Update: The new software update facility enables on-the-fly updates and requires almost no additional memory anymore.
New WLAN Features: We have added support for the WLE200NX module which allows 802.11a operation in the 5 GHz band. Please note that we do not support Dynamic Frequency Selection (DFS) at the moment, thus the range of channels is limited according to local regulations. Nevertheless, we have updated the registry database for operating with a proper transmit power in the available channels. We have also added support for 802.1x certificate-based authentication (WPA-EAP-TLS) and WEP when operating as client. The MTU of the WLAN interface can be configured now.
New SDK Functions: The virtual memory size of a script is now limited to 5MB and it can be monitored individually by the watchdog. The range of SDK API functions have been extended to:
  • Generating user-defined web pages
  • Listing, transferring or deleting files from an FTP or HTTP(s) server
  • Scanning available WWAN or WLAN networks
  • Various network-related functions (e.g. for sending ARP or WakeOnLAN packets)
  • Other system functions (e.g. sending SNMP traps)
IPsec Improvements: NAPT between IPsec peers (especially in case of holding the default route) works more reliably now. Broadcast packets are not encapsulated anymore. It is possible to configure the DPD action and force encapsulation. For roadwarrior configurations, the remote peer can be specified with
SNMP Agent Enhancements: We have added SHA/AES for authentication via SNMPv3. Administrative access via SNMPv1/v2c is now possible from a distinctive subnet.
OpenVPN Enhancements: OpenVPN has been upgraded to version 2.3.2 and it is now feasible to operate with dynamic hostnames. Server and transfer network as well as MTU can be configured.
Firewall / NAPT Enhancements: It is now possible to specify IPsec interfaces, they can also be applied as additional selector for the outgoing interface. Addresses can be grouped and those groups can be used instead of adding multiple rules. By using the LOCAL specifier, it is possible to select packets coming or going to local applications of the box.
IP-Passthrough: It is now possible to implement a pass-through of the WWAN IP address towards a LAN host (e.g. first DHCP client). More or less, the system acts like a modem in such case which can be helpful in case of firewall issues.
Temperature Indication: The system will now show the board temperature (available on NB3700) as well as temperature values derived from sensors of the modems.
CLI Enhancements: The CLI is now showing additional information (such as WWAN download/upload rates, IMSI, ICCID and SIM number) as well as details about the running configuration (name, version, hash). Scanning WWAN and WLAN networks is now possible and it can be used to get debug messages and to generate/send tech reports. We have also added a history command for showing the list of previously entered commands. Startup and config operations will be much faster now
Distintive Supervision: It is now possible to configure ping supervision on a per-link basis. A retry interval option has been added for reducing the network footprint. We are also supervising any IPsec connections now in order to detect broken NAT peers.
New Options for Serial Device Server: Configuration options have been added for showing the banner and enabling remote control according: to RFC 2217.
Deployment: Systems can be deployed over CLI-PHP, HTTP, SSH and console by using an empty password in factory state. We are now supporting LLDP and CDP for device discovery.
Voice Daemon Enhancements: The system is able to receive mobile calls and dispatch them to SIP clients.
Support for CDMA 450: The Cellient MPN200 module and operation in CDMA 450 networks is now supported.
Support for Huawei ME909: The Huawei ME909 module is now generally supported. However, voice calls with this modem are not yet supported.
Secure SSL Client Connections: Client applications will now abort connections to servers with an invalid certificate. Trusted CA root certificates can be uploaded to bypass that.
Support for Multipath Routes: Multipath routes are now being supported. They can be used to distribute IP sessions over multiple hosts. In addition, WAN links can be configured as distributed interfaces in order to balance traffic in the same manner.
GRE Implementation: It is now possible to run GRE tunnels. However, we have not yet completely finished compatibility tests to other systems.
Quality of Service: We have implemented a QoS mechanism based on Linux’s advanced traffic control, so that the system is now capable of prioritizing and shaping bandwidth for particular IP services.
VLAN Implemenation: The Ethernet interfaces are now supporting Virtual LAN (VLAN) according to IEEE 802.1P/Q.