This is an old revision of the document!


NRSW Releases

For an overview on NetModule Router Software (NRSW) see the NRSW factsheet.

Downloads

Software Release Schedule

Major Release

  • Integrates new features
  • Full release testing
  • Two release dates per year
    • Major Release (LTS): Long Term Support, End of Support and Repair 3 years after General Availability (GA)
    • Major Release (STS): Short Term Support, End of Support and Repair 1 year after General Availability (GA)

Bugfix & Security Release

  • Bugfixes for major releases
  • Security patches for major releases
  • Delta release testing
  • Two release dates per year

Feature Beta Release

  • Preview of new features
  • Beta version – not fully tested, bugfixes not guaranteed
  • Release dates on demand

Release History

New in Version 4.2

Feature First introduced
More status information on SWI interface for QMI based WWAN modules: The WWAN status information was extended to show information on SWI status. 4.2.0.104
IPSec now supports certificate chains: You can now upload certificate chains for IPSec connection establishment. 4.2.0.104
Updated link to latest software: The default link for automated software updates was pointing to wrong location. That was fixed. 4.2.0.104
U-blox Toby L2 Series: The u-blox Toby-L200 and Toby-L201 are now supported by NRSW. 4.2.0.104
Provide system time to NB1601 GNSS module on boot: To acquire faster GNSS 1x we initialize the internal clock of the GNSS module with the system time. 4.2.0.104
Watchdog supervision of OSPF and BGP daemon: OSPF and BGP daemon are now supervised by watchdog. This will result in a reboot and reinitialization of the router if one of these daemons crashes. 4.2.0.104
APN credentials printed to logs: With debug set to maximum the login credentials for the WWAN APN were printed to the logs. In most setups there is no secret data in APN credentials as they are common for all customers of one provider and can be looked up on the Internet, but if you use a private APN they should not show up in the logs. 4.2.0.104
Assisted GPS: Assisted GPS is now supported with u-blox Neo M8 GNSS modules. 4.2.0.104
Voice signaling: Voice signaling is now possible without any Voice license on voice capable hardware. 4.2.0.100
SW update package validated before upload: An invalid SW update package is identified in the web interface before the actual transfer to the target was performed skipping the process of slow up-load of potential invalid packages via mobile network. The new architecture also allows us to provide better and more detailed feedback on the current status of the update. 4.2.0.100
New version of igmpproxy: Igmpproxy was updated to version 0.2.1. This also fixes a bug on interfaces with an alias IP setup. 4.2.0.100
Several changes to the WLAN settings to comply with RED (2014/53/EU). 4.2.0.100
WLAN advanced user license: To set up regulatory domain and antenna gain parameter it is required to have a WLAN advanced user license. The new default parameters are “EU” for the regulatory domain and “3 dBi” for the antenna gain. Please contact our customer support if you need this a WLAN advanced user license 4.2.0.100
HTTPS access with client certificates: Functions which communicate with HTTPS-Servers (like SW update from URL or SDK) can now authenticate with client-certificate and key. 4.2.0.100
MQTT publishing from SDK: Functions for publishing MQTT messages were added to the SDK scripting language. 4.2.0.100
Password hashes replace encrypted passwords in configuration: We changed our password handling to use cryptographic hashes instead of symmetric encrypted passwords where ever possible. Therefor you have to provide the administrator password on downgrade to older SW releases as these still rely on the passwords to be stored on the device. For SNMP access the passwords still need to be available. Therefor users which shall be able to log in via SNMP need the new setting “Store password in device” to be enabled. 4.2.0.100
GNSS default antenna type set to “active”: As passive GNSS antennas are very uncommon these days we changed the default setting to active. This is only valid on factory default configuration. A configuration update will keep the existing settings. 4.2.0.100
Support for new NB1601: The new NB1601 router is supported first time by 4.2.0.100. 4.2.0.100
Wait for configuration change task to be finished: Changing a configuration setting via CLI or SDK does not block. A new function was implemented to request if all pending tasks have been finished and it is safe to send new configuration change requests. 4.2.0.100
WLAN MESH: The support of WLAN Mesh (802.11s) is now available. It is possible to configure a pure mesh point or a mesh access point (mesh point and access point). Currently the encrypted Mesh with TI based Router (NB800, NB1601) is only compatible among themselves. 4.2.0.100
Support for new GNSS modules: Added support for new Ublox NEO-M8 modules. 4.2.0.100
uBlox TOBY-L2 support: The uBlox Toby-L2 LTE modem is now supported. 4.2.0.100
WLAN Inter Access Point Protocol (IAPP): It is now possible to enable IAPP within the WLAN configuration. This feature will inform the old access point that a WLAN client has associated with a new access point. 4.2.0.100
Number of VLANs increased: It is now possible to configure up to 10 VLANs instead of 5. 4.2.0.100
Update of time zone data: North Korea switched back to +09 on 2018-05-05. Our best wishes to all Korean people. 4.2.0.100
CLI shows WLAN channel: The cli status command will show the current WLAN channel if access point or dual mode is configured. 4.2.0.100
LED configuration: All LEDs except for “STAT” can be configured to different function like LAN, WAN, WLAN, WWAN, etc. 4.2.0.100
Bridges without STP: It is possible now to switch off STP completely on bridg-devices. 4.2.0.100
GUI improvements: Allow Upload of keys and certificates in nested p12 files. IP pass-trough setup failed on web interface with recent SW releases. Obsolete GUI interfaces have been removed. 4.2.0.100
React faster on GNSS flaps: The maximum GNSS flaps were evaluated only once every 5 minutes. This has been changed. Now the GNSS supervision will take action as soon as the maximum flaps have been detected. 4.2.0.100
NB2800 with Push-To-Talk module: Added support for new Push-To-Talk module on NB2800. 4.2.0.100
Configuration of NTP server stratum: The stratum of NTP server in case of GNSS sync or time from internal clock can be configured now. As these sources are not very accurate this feature should be used with care. Please contact our customer support for detailed information. 4.2.0.100
Refactory of config converter: Our config conversion tool cfconvert which is responsible for converting older and newer configuration files to the configuration release needed by the current version was refactored speeding up this step of SW update or configuration apply by factor or 3-5 and reducing the required flash space by several hundred kB which was required for implementation of other features on older hardware like NB1600 or NB2700 with very limited flash space. As a side effect the conversion to configuration versions other than the one used by the current SW release is not supported any more. In normal operation this is not needed anyway. If you have such a requirement please contact our technical support. 4.2.0.100
Recover from power fail on Sierra Wireless MC7430 and MC7455 firmware update: We have seen LTE modules MC7430 and MC7455 to enter error state if a power fail occurred while FW update was in progress. Counter measurements have been taken to retry a failed update and finally trying roll back to latest working version in case of reoccurring update failures. 4.2.0.100
Power down Sierra Wireless LTE modules on ignition sense power cycle: If we power down NB2800 due to ignition sense routers with MC7430 and MC7455 will hold module power up for an additional time out. This will increase the power down time, but is suggested as good practice by the module manufacturer. 4.2.0.100
Navigation mode of ublox GNSS modules: The operational mode of ublox GNSS modules is now automatically set up portable or stationary depending on the router setting admin.area (mobile or stationary). 4.2.0.100

New in Version 4.1

Feature First introduced
Voice signaling: Voice signaling is now possible without any Voice license on voice capable hardware. 4.1.0.103
MQTT publishing from SDK: Functions for publishing MQTT messages were added to the SDK scripting language. 4.1.0.103
Wait for configuration change task to be finished: Changing a configuration setting via CLI or SDK does not block. A new function was implemented to request if all pending tasks have been finished and it is safe to send new configuration change requests. 4.1.0.103
Support for new GNSS modules: Added support for new Ublox NEO-M8 modules. 4.1.0.103
uBlox TOBY-L2 support: The uBlox Toby-L2 LTE modem is now supported. 4.1.0.103
Number of VLANs increased: It is now possible to configure up to 10 VLANs instead of 5. 4.1.0.103
Update of time zone data: North Korea switched back to +09 on 2018-05-05. Our best wishes to all Korean people. 4.1.0.103
Bridges without STP: It is possible now to switch off STP completely on bridg-devices. 4.1.0.103
GUI improvements: Allow Upload of keys and certificates in nested p12 files. IP pass-trough setup failed on web interface with recent SW releases. Obsolete GUI interfaces have been removed. 4.1.0.103
React faster on GNSS flaps: The maximum GNSS flaps were evaluated only once every 5 minutes. This has been changed. Now the GNSS supervision will take action as soon as the maximum flaps have been detected. 4.1.0.103
Configuration of NTP server stratum: The stratum of NTP server in case of GNSS sync or time from internal clock can be configured now. As these sources are not very accurate this feature should be used with care. Please contact our customer support for detailed information. 4.1.0.103
Recover from power fail on Sierra Wireless MC7430 and MC7455 firmware update: We have seen LTE modules MC7430 and MC7455 to enter error state if a power fail occurred while FW update was in progress. Counter measurements have been taken to retry a failed update and finally trying roll back to latest working version in case of reoccurring update failures. 4.1.0.103
Recover from power fail on Sierra Wireless MC7430 and MC7455 firmware update: We have seen LTE modules MC7430 and MC7455 to enter error state if a power fail occurred while FW update was in progress. Counter measurements have been taken to retry a failed update and finally trying roll back to latest working version in case of reoccurring update failures. 4.1.0.103
Power down Sierra Wireless LTE modules on ignition sense power cycle: If we power down NB2800 due to ignition sense routers with MC7430 and MC7455 will hold module power up for an additional time out. This will increase the power down time, but is suggested as good practice by the module manufacturer. 4.1.0.103
Conversion of configuration version 1.12: Configuration files of version 1.12 can be imported or converted on down grade from newest SW release. 4.1.0.103
Support for new eMMC chipsets: Due to an EOL notice we changed the eMMC chipset of NB2800. Support for this chipset was implemented. 4.1.0.102
OpenVPN pushed IP address: It is possible to apply the network settings pushed by OpenVPN server for a TAP device. 4.1.0.102
Consider only 3G/4G networks for WWAN data link: It is possible to restrict a WWAN interface to connect only on 3G or 4G networks. 4.1.0.102
Provide same USB drivers for all platforms: For our products different drivers for external USB serial or USB ethernet adapters had been shipped. We now provide the same drivers for all our routers. Please refer to our manual for detailed description of supported 3rd party hardware. 4.1.0.102
GUI improvements: A change of the IP of the WLAN AP in dual-mode operation did not automatically change the DHCP range appropriately. A SIM card which required a PIN did show “unknown” for pin protection in overview and “error” on SIM state until the correct PIN was applied. It is now possible to install LXC containers directly from the web interface on devices with virtualisation support. The web GUI does not offer HW flow control on internal serial ports which do not support this. The current IPsec status shown in the web interface was inconsistent at different locations. The status is shown identical everywhere now. A WAN interface on a disabled LAN port would show as “dialing” in the overview. That was fixed. It shows “disabled” now. On too many VLAN interfaces the GUI showed inconsistent data. WLAN networks which do not match on channel selection in WLAN dual mode are not selectable any more in the web GUI. The uptime of OpenVPN clients is shown in UTC in the web interface. That is explicitly mentioned now. 4.1.0.102
GPS required fix accuracy default value changed to 50m: The required accuracy for a GPS fix was changed from 15m to 50m. 4.1.0.102
Better help text on CLI: The help text for CLI was missing a parameter on firmware update. 4.1.0.102
New SNMP field showing the activation time of a new software update: Software update via SNMP is done in two steps: First the new release is updated, second is the activation of the previously updated software release. So far only the time stamp of the download could be obtained via SNMP. Now also the activation time stamp can be requested via SNMP. 4.1.0.102
WLAN client TLS version: It is now possible to configure the preferred TLS version for each WLAN client network if WPA-EAPTLS is configured. 4.1.0.102
SDK improvements: It is possible now to perform an incremental configuration update from the SDK now. This is analogue to the option “missing config directives will be ignored” in the web GUI. 4.1.0.102
Exclude WAN links from HotsPlots VPN: By default all available WAN links are used for transmission of Hotspot data. It is possible now to omit WAN links from data transmission. 4.1.0.102
Allow individual SSL settings for WPA-EAP-TLS: It is possible now to set up individual SSL settings for WLAN with WPA-EAP-TLS setup. Please contact our customer support if you need this feature. 4.1.0.102
Support for new configuration version 1.11: The new software release supports conversion of configuration files with version ID up to 1.11. 4.1.0.102
Limit band width per Wi-Fi client: In AP mode the maximum band-width may be limited per Wi-Fi client. 4.1.0.100
GUI improvements: On interfaces which show a minus symbol to remove entries (i.e. firewall rules) the corresponding setting was deleted immediately. This is now safeguarded by an alert to prevent accidental remove of settings. 4.1.0.100
Firmware blobs: To comply with RED is not possible to load unsigned firmware blobs any more. All firmware blobs are signed now. 4.1.0.100
Timezone update: The timezone list has been updated to version 2017c. 4.1.0.100
SNMPv3 engine ID con1guration: Engine ID for SNMPv3 traps can be configured now. 4.1.0.100
CAN shield for NB800: The NB800 Dual-CAN shield is now fully supported. 4.1.0.100
WLAN drivers: The WLAN drivers have been updated to a newer version. 4.1.0.100
Bridge VLAN interfaces: Software bridge devices BR0 and BR1 were added to the options provided for bridged VLAN interfaces. This allows VLAN interfaces to be bridged with WLAN and layer two VPN (TAP) interfaces. 4.1.0.100
NB800 COM/IO shield: NB800 with COM/IO has now full support for IO interface. 4.1.0.100
Hayes AT Modem Emulator: Devices with serial interface provide a Hayes AT Modem Emulator. This can be used to replace existing modem based data-call applications. For further information read our case study. 4.1.0.100
WLAN SSID: The WLAN SSID configuration via webgui has been revised to allow more special characters. 4.1.0.100
Hostapd and wpa-supplicant updates: Hostapd and wpa-supplicant were updated to version 2017-08-24. 4.1.0.100
WLAN firmware update: The WLAN chipset firmware files of the NB800 and routers with an 802.11ac WLAN chipset were updated to a newer version. 4.1.0.100
Regulatory Database: The wireless regulatory database is handled as firmware file now. 4.1.0.100
Mobile IP services: Starting with release 4.1.0.100 Mobile IP is activated by default and does not require an extra software license. 4.1.0.100

New in Version 4.0

Feature First introduced
Wait for configuration change task to be finished: Changing a configuration setting via CLI or SDK does not block. A new function was implemented to request if all pending tasks have been finished and it is safe to send new configuration change requests. 4.0.0.111
Support for new GNSS modules: Added support for new Ublox NEO-M8 modules. 4.0.0.111
uBlox TOBY-L2 support: The uBlox Toby-L2 LTE modem is now supported. 4.0.0.111
Conversion of configuration version 1.12: Configuration files of version 1.12 can be imported or converted on down grade from newest SW release. 4.0.0.111
Provide same USB drivers for all platforms: For our products different drivers for external USB serial or USB ethernet adapters had been shipped. We now provide the same drivers for all our routers. Please refer to our manual for detailed description of supported 3rd party hardware. 4.0.0.110
GUI improvements: A SIM card which required a PIN did show “unknown” for pin protection in overview and “error” on SIM state until the correct PIN was applied. The current IPsec status shown in the web interface was inconsistent at different locations. The status is shown identical everywhere now. A WAN interface on a disabled LAN port would show as “dialing” in the overview. That was fixed. It shows “disabled” now. 4.0.0.110
New SNMP field showing the activation time of a new software update: Software update via SNMP is done in two steps: First the new release is updated, second is the activation of the previously updated software release. So far only the time stamp of the download could be obtained via SNMP. Now also the activation time stamp can be requested via SNMP. 4.0.0.110
Allow individual SSL settings for WPA-EAP-TLS: It is possible now to set up individual SSL settings for WLAN with WPA-EAP-TLS setup. Please contact our customer support if you need this feature. 4.0.0.110
Support for new configuration version 1.11: The new software release supports conversion of configuration files with version ID up to 1.11. 4.0.0.110
Firmware Update for Sierra Wireless MC74xx Modems: It is now possible to upgrade the firmware for Sierra MC74xx modems. 4.0.0.108
TCP Timestamps: TCP timestamps are part of the PAWS (Protection Against Wrapped Sequence numbers) mechanism which avoid that TCP sequence numbers will wrap and break long data stream transfers on a very fast network connection. However, if TCP timestamps are enabled, a remote attacker can guess the uptime of the system which may indicate that no recent security patches have been applied. If desired, this option can be turned off now. 4.0.0.107
SCEP CA Identifier: We have added option to configure the CA identifier which is used to pair with the SCEP server. 4.0.0.107
Number of Firewall Groups/Rules: The number of firewall groups has been increased from 5 to 10. The number of firewall rules has been increased from 35 to 50. 4.0.0.107
Secondary DHCP Relay Server: It is now possible to specify a secondary DHCP relay server. 4.0.0.107
GPS Flap Detection: Under some rare circumstances it happened that the GPS signal was flapping and not getting stable anymore. It is now possible to set surveyor.gnss.maxflaps (max. number of flaps per 5min) and reset the module if exceeded. 4.0.0.107
QoS and WLAN EAP: If QoS was operating on a WLAN interface it may have happened that EAP packets were not delivered in in-time. They will now pass through the scheduler without any restriction. 4.0.0.107
New Events: Added system-error and system-no-error events which indicate service failures. 4.0.0.107
Signature Algorithm for Certificates: It is now possible to configure the signature algorithm used when creating certificates. 4.0.0.107
Improved SMS Management: The SMS daemon is now able to handle scrambled message indexes. Usually this does not happen but will be covered now. 4.0.0.107
IP Address of WLAN Clients: The IP address of WLAN clients will now be shown in CLI/GUI even if it has not been assigned via DHCP. 4.0.0.107
Drop ICMP Packets with Timestamps: With ICMP timestamps enabled, a remote attacker might be able to guess the uptime of the system. Thus, any ICMP packets containing timestamps are now being dropped. 4.0.0.107
Serial Attributes for IBIS: It is now possible to configure all required serial attributes for the IBIS interface. 4.0.0.107
Power Down on Deactivated USB Ports: Deactivated USB ports will be now without power. 4.0.0.106
SDK Debug Levels: It is now possible to set, get and reset the debug level of system daemons. 4.0.0.106
Updating Backup Configuration: The backup configuration, i.e. the configuration stored during a software update, can now be updated by using the CLI with -b switch. The corresponding configuration will be applied when the software update is being finished at next reboot. 4.0.0.106
CLI Virtualization Status: The CLI is now able to display status information about any running virtual guests. 4.0.0.105
Band Selection for Sierra MC7430: It is now possible to select the preferred band for the Sierra MC7430. Operation in LTE band 28 has been verified with Australian provider Telstra. 4.0.0.105
Serial Device Server Keepalive: The device server for serial ports is now supporting the keepalive NOP command when using the telnet protocol. 4.0.0.105
More DHCP Leases: The DHCP server does now support more than 100 leases. 4.0.0.105
SDK Arguments: The arguments for SDK scripts can now contain slashes and colons. 4.0.0.105
Support for Huawei MC7430: The Huawei MC7430 is now supported. This modem does not support voice calls yet. 4.0.0.104
New SDK Functions: USSD requests can now be issued using the nb_ussd_query function. We further added an uptime function which returns the number of seconds since bootup. 4.0.0.104
DHCP Server on Alias Address: The DHCP server was restricted to operate on the primary address. It can also use the alias address now. 4.0.0.104
NB2800 Console: It’s now possible to enable the printout of the serial console. 4.0.0.104
NB2800 Voice Gateway: The NB2800 supports now up to 4 voice modems with up to 3 concurrent channels. 4.0.0.104
LXC Device Configuration: It is now possible to configure CAN devices which will be available in the LXC guest. 4.0.0.104
New SNMP Extensions: The nbGnssTable is now showing horizontal speed, vertical speed and the track angle. The nbAdminTable is now showing the current system date. Counters for downloaded/uploaded data in the nbWanTable are now wrapped correctly. The IF-MIB is now returning proper ifOpenStatus values. We also fixed some typos in the VENDOR MIB description. 4.0.0.104
TAB Completion for parrotlog: The parrotlog application does now expand any parameter if the TAB key is hit. 4.0.0.104
Enhanced IPsec Supervision: IPsec tunnels will now be reloaded individually if they are down for 1 minute. The whole IPsec service will be restarted if all tunnels are down for 3 minutes. 4.0.0.104
Firewall Rules for OSPF: It is now possible to filter out OSPF packets by means of firewall rules. 4.0.0.103
Static Multicast Routing: We have added support for static multicast routes. Aparat from IGMP Proxy, they can be used to implement bidirectional multicast routing. 4.0.0.103
Console on Serial Port: The serial console can now be turned off completely. The KPL/KBOOT images are not required anymore. 4.0.0.103
SDK Transfers: The nb_transfer functions are now supporting ftps, https, imaps, pop3s, smtps and sftp. Files can now be downloaded to /tmp. We further fixed a flaw when checking URLs. 4.0.0.103
New SNMP Extensions: We have added the following SNMP extensions:
  • nbGnssTable:gnssNumSatUsed
  • nbAdmin::systemError
  • nbWanTable::wanDataDownloadedRoaming
  • nbWanTable::wanDataUploadedRoaming
  • nbWanTable::wanLinkNetmask
  • nbWwanTable::wwanIccid
  • nbWlanTable::wlanSignalStrength
  • nbWlanStationTable

Further, we have added tables of IF-MIB and IP-MIB.

4.0.0.103
Support for Disabling Ethernet Ports: It is now possible to turn off dedicated ports of the Ethernet Switch. 4.0.0.103
Support for En-/Disabling CAN Interfaces: It is now possible to turn on/off CAN interfaces by means of configuration settings. 4.0.0.103
Extended Storage: It is now possible to store syslog messages and SDK files on extended storage if available. 4.0.0.103
Additional DH Groups for IPsec: We have added Diffie-Hellman groups 16-21 used for IPsec. 4.0.0.103
Advanced Hardware Failure Detection: We are now detecting hardware failures at a very early stage and also periodically during runtime. 4.0.0.103
New Managed WLAN Implementation: We have upgraded to FreeWTP for managing WLAN access-points remotely. 4.0.0.103
USSD Queries on Sierra MC Modems: Sending USSD queries has been verified for Sierra MC7304/MC7354/MC7430/MC7455/MC9090. 4.0.0.103
Bootloader Password: The bootloader is now supporting SHA256 salted passwords. The password can now differ from the admin password. 4.0.0.103
WEP Hex Keys for WLAN Client: It is now possible to configure WEP40/WEP104 keys in ASCII and HEX notation. 4.0.0.102
Configurable IP-Passthrough Network: It is now possible to configure the WAN network which will be passed-through to a LAN host and to communicate with other devices in that network. 4.0.0.101
Firmware Update on NB2800/NB3800: Firmware updates can now be run on NB2800/NB3800. 4.0.0.101
SDK Workdays/Weekend Triggers: Triggering scripts only on workdays or weekend is now possible. 4.0.0.101
Kernel/System Upgrade: We have migrated to OpenWRT Chaos Calmer which includes an upgrade to Linux Kernel 3.18.16 and recent versions of the packages. This comes with improvements and security fixes for specific packages. The overall routing performance has been increased significantly. Please note that the toolchain has changed from 4.4.5_uClibc-0.9.31 to 4.8-linaro_uClibc-0.9.33.2. 4.0.0.100
Support for New Models: The new models NB2800 and NB3701/NB3711/NB3800 are now supported. 4.0.0.100
Support for New Modules: The following modules are now supported:
  • Huawei EM100
  • Huawei ME909s
  • Cellient MPL200 (LTE450)
  • GSM-R v2.0 with Voice support
  • Sierra MC7304/MC7354
  • Sierra MC7455
  • Sierra MC9090
  • Compex WLE600VX
  • u-blox NEO-M8L
4.0.0.100
Bridged GRE TAP Interfaces: It is now possible to bridge a GRE TAP tunnel to a LAN interface. 4.0.0.100
DynDNS TSIG Update: Support for dynamic DNS updates via TSIG has been added. Transaction SIGnature (TSIG) is a secure mechanism to authenticate updates of a zone in the DNS database. 4.0.0.100
Enhanced Certificate Management: The certificate management hast been enhanced. The signature algorithms SHA1, SHA256 and SHA512 and custom Diffie-Hellman primes can now be used when creating certificates. It is further possible to upload authorized keys used for authenticating at the SSH server. Certificate enrollment over SSCEP has been extended and made compatible with Microsoft Windows Server. 4.0.0.100
Enhanced Firmware Update: A progress bar is now shown when updating the firmware of a module. In addition, the update procedure for the modems ME909 and MU609 has been revised. 4.0.0.100
New Extensions for Extended Routes: It is now possible to force packets to be forwarded over a specific interface and discard them if the interface is down. 4.0.0.100
Disable USB Ports: The USB port can be disabled now in order to avoid running any USB code. The USB power supply remains active. 4.0.0.100
Support for USB Ethernet Asix Adapter: Asix-based USB Ethernet adapters are now supported. 4.0.0.100
Firewall Logging: Logging of firewall activities can now be achieved by enabling a flag in the firewall rule. This option generates system log entries if a rule has matched. 4.0.0.100
IKEv2 for IPsec: We have migrated to StrongSwan 5.3.4 and added support for IKEv2 and MOBIKE (RFC 4555). It is also possible to configure Perfect Forward Secrecy (PFS) in detail. 4.0.0.100
IPsec Expert Mode: IPsec expert mode files can now be generated and uploaded. Currently, this is limited to PKI server mode. 4.0.0.100
Ignition Voltage Sense: The ignition voltage sense feature of the NB2800 can be used to run a delayed halt of the system if the ignition voltage has dropped. 4.0.0.100
Improved WLAN Roaming: We improved WLAN background scanning to faster detect nearby stations which guarantess seamless handover to access points with higher signal strength. 4.0.0.100
Managed WLAN over CAPWAP: We have implemented the Control And Provisioning of Wireless Access Points (CAPWAP) protocol according to RFC 5415. With CAPWAP it is possible to control and monitor the WLAN access-point of the router remotely. 4.0.0.100
Masquerading by Source Address: It is now possible to perform masquerading for specific source addresses. 4.0.0.100
Multipath TCP: Support for Multipath-TCP (RFC 6824) has been added. MPTCP can be used to establish a TCP connection with multiple paths in order to maximize resource usage and increase redundancy. 4.0.0.100
Multiple Admin Accounts: Configuring multiple admin users is now possible. 4.0.0.100
NAPT Enhancements: The target or source address can now be specified for NAPT rules. 4.0.0.100
OPC-UA SDK Functions: The SDK has been extended with functions to communicate with an OPC-UA server. The OPC Unified Architecture (OPC-UA) protocol suite provides a cross-platform service-oriented architecture and corresponds to an industry standard that enables software to connect devices, machines and systems from different manufacturers using same interface. 4.0.0.100
OSPF/BGP: The Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP) routing protocols have been added. 4.0.0.100
Multiple OpenVPN Client Networks: It is now possible to specify multiple client networks behind an OpenVPN tunnel. 4.0.0.100
SDK Extensions: We added support for PCRE (Perl Compatible Regular Expressions) in SDK scripts. It is also possible now to send SNMPv3 trap/inform notifications. Functions for mounting and accessing storage media have been extended. The recvmsg function is now able to return the source address of the sender. Using the nb_userpage_register function one can now create webpages which are also visible for non-admin users. 4.0.0.100
Partial Configuration Update: It is now possible to update the system configuration partially, that means only specific parts of the configuration without resetting other values to factory default. 4.0.0.100
QoS Bandwidth Congestion: QoS has been extended to automatically measure the bandwidth of a link and adapt the queue sizes accordingly. 4.0.0.100
QoS for OpenVPN: Running QoS on top of OpenVPN connections is now possible. 4.0.0.100
RSTP: It’s now possible to perform the Rapid Spanning Tree Protocol (RSTP) according to IEEE 802.1D on top of software-bridged Ethernet ports. 4.0.0.100
SMS Short Number: Support for sending messages to short codes has been added. 4.0.0.100
New WWAN Features: The required signal strength can now be specified by means of link quality levels rather than just the RSSI value. You can now further specify the mobile bands to which the modem shall register (if supported). 4.0.0.100
SNMP Extensions: We have extended the nbAdminTable for storing and scheduling software and configuration updates. Please take a look at the VENDOR-MIB for getting further information. 4.0.0.100
Updates over SFTP: Software and configuration updates over SFTP are now possible. 4.0.0.100
Virtualization with LXC: We added support for LXC (see linuxcontainers.org ) which allows customers to set up an isolated operating system for running any third-party applications. 4.0.0.100
Additional WLAN Features: We have added support for Protected Management Frames (PMF) according to IEEE 802.11w. It is further possible now to limit the available ciphers and run 802.11n with CCMP only. One may also enable the SGI20/SGI40 option if supported by the WLAN module. 4.0.0.100
CoovaChilli Hotspot: The CoovaChilli captive portal can be provided over a dedicated software release including support for Walled Gardens, RADIUS accounting and bandwidth limiting. 4.0.0.100

New in Version 3.8

Feature First introduced
Support for new GNSS modules: Added support for new Ublox NEO-M8 modules. 3.8.0.114
uBlox TOBY-L2 support: The uBlox Toby-L2 LTE modem is now supported. 3.8.0.114
Conversion of configuration version 1.12: Configuration files of version 1.12 can be imported or converted on down grade from newest SW release. 3.8.0.114
Support for USB Ethernet Asix Adapter: Asix-based USB Ethernet adapters are now supported 3.8.0.107
Sender Network for IGMP Proxy: The configuration of a dedicated sender network for the IGMP proxy has been added. 3.8.0.107
Support for 802.11w Protected Management Frames: It’s now possible to force 802.11w Protected Management Frames when running as WLAN client or access-point. 3.8.0.106
No Configuration Secrets in TechSupport: It is now possible to create a TechSupport file without configuration secrets. 3.8.0.105
Increased Volume for Voice Calls: It is now possible to further increase the volume level for voice calls. 3.8.0.104
Multicast Downstream Interfaces: We have added support for setting up multiple downstream interfaces for the IGMP proxy. 3.8.0.104
GPS Supervision: Supervising the GPS service can be configured now more precisely via the Web Manager. 3.8.0.104
Firmware Update Huawei MU609/ME909: New firmware updates for the Huawei MU609/ME909 modems are now available. They can be found on our FTP server. 3.8.0.103
IPSec Configuration: We added a continue button for the IPsec pages which allows the user to apply a full set of parameters values at the end of the configuration process. 3.8.0.103
DynDNS Status: We have added an additional status page which informs about any DynDNS activities. 3.8.0.103
LTE Bands 1/5 on Huawei ME909: Support for LTE Bands 1 and 5 on Huawei ME909 has been added. 3.8.0.103
Larger SMS Spool Size: The SMS spool size has been enlarged to spool up to 10 short messages. 3.8.0.103
OpenVPN Upgrade: OpenVPN has been upgraded to 2.3.7. This version is able to run connections with cipher none again. 3.8.0.102
New IPsec Algorithms: The encryption algorithm AES192 (for phase 1) and the authentication algorithm SHA2-256 (for phase 2) are now supported. 3.8.0.102
New GUI Features: Within the GUI it is now possible to query the latest software version available at our FTP server. It can be also queried by running update software latest -v in the CLI. The TOS value for QoS services can be specified numerically now, we further added redundancy events to figure out the current VRRP master/slave state. The GUI will now throw a warning when using an SSL connection and the CA is not trusted. Trusted certificate authorities can be uploaded in the certificate section. In case the GUI is embedded in an other GUI application or if GUI ports are NATed, the user may consider setting http.embed=1 to make page redirection work properly. 3.8.0.102
Enhancements for RS485 Module: The RS485 extension port has received a larger ring buffer and one can also turn the hardware flow control on or off now. 3.8.0.102
Multicast Uptream Interface: It is now possible to configure now any interface as upstream interface for the IGMP proxy. 3.8.0.102
Digital Input Port Measurement: It is now possible to measure the number of toggles of an digital input port. They can be counted by the SDK function nb_dio_count. 3.8.0.102
New SMS Features: It is now possible to send messages with up to 1024 characters. According to 3GPP TS 23.040, they will be split into multiple chunks with 160 characters each and will be concatenated upon reception. Depending on your modem, you can also request now a delivery report for a sent message. 3.8.0.101
PCRE for SDK Scripts: It is now possible to use PCRE (Perl Compatible Regular Expressions) in SDK scripts. Please refer to the language manual for getting more information about how to use them. 3.8.0.101
Certificate Verification: Uploaded or generated keys/certificates will now be verified and the GUI will moan about any certificate errors (e.g. if not yet valid). 3.8.0.101
OpenVPN Expert Mode File Export: Users are now able to download an OpenVPN expert mode file from a previous standard configuration. 3.8.0.101
Reset Statistics: It is now possible to reset the WAN link statistics (data downloaded/uploaded) with CLI and SDK scripts. 3.8.0.101
Support for new product types: NB2710, NB3710. 3.8.0.100
Support for new internal modems: Huawei MU609 (successor of GTM661W and EM820W). 3.8.0.100
Support for extension modules: NetModule PCIe cards for Audio, CAN, RS-485, IBIS slave and RS-232. 3.8.0.100
Enhanced voice gateway: SIP/RTCP support, user agent, Voice support for ME909. 3.8.0.100
Multicast routing with IGMP proxy: An Internet Group Management Protocol (IGMP) proxy will track multicast group membership information of all LAN interfaces and forward multicast packets as received on the hotlink interface. Sender networks can be specified by adding appropriate host/network routes on the corresponding WAN interface. IGMP is specified in RFC 3376 . 3.8.0.100
Router Discovery for IPv4: Clients can now discover NetModule Routers using the ICMP Internet Router Discovery Protocol (IRDP) according to RFC 1256. 3.8.0.100
Multiple WLAN SSIDs: Multiple SSIDs can now be configured. The router will connect to the SSID with highest priority. 3.8.0.100
IPSec XAUTH (extended authentication): Support for road warrior applications. 3.8.0.100
Certificate management: NetModule Routers can now request digital certificates at the certificate authority using the Simple Certificate Enrollment Protocol (SCEP) according to the current SCEP Internet-Draft. 3.8.0.100
Support for assisted GPS (A-GPS): A-GPS is a system that is often able to significantly improve the startup performance, or time-to-first-fix (TTFF), of a GPS satellite-based positioning system. 3.8.0.100
DynDNS improvements: Support for Dynamic DNS update according to RFC 2136 and support for GnuDIP Dynamic IP DNS service. 3.8.0.100
SDK extensions: New API functions for SNMP, voice, CAN and Modbus, see latest SDK API manual. 3.8.0.100
Module firmware update: The firmware of internal modules can now be updated. Supported modules include modems, CAN, IBIS and audio modules. 3.8.0.100
TFTP server: A TFTP server has be included. It can be enabled by cli set tftpd.status=1. The directory can be set by cli set tftpd.directory=/path/. 3.8.0.100
FTP server: A TFTP server has be included. It can be enabled by cli set ftpd.status=1. The FTP directory is located in /home/<user>. Note that root is not allowed as FTP user. 3.8.0.100
Unified OpenVPN configuration files: Unified OpenVPN configuration files containing configuration parameters, root certificate (ca), client certificate (cert) and the client private key (key) can now be imported as a single client.ovpn file. 3.8.0.100
Bridged VLAN interfaces: VLAN interfaces can now be bridged. 3.8.0.100
Transparent Firewall: Unobstrusive IP filtering on NB1600 with bridged Ethernet ports. 3.8.0.100
Speed-test client: A command line version of the speedtest.net client has been integrated. Just type speed-test in the root console. 3.8.0.100
Upgrades for packages: gpsd, curl, chronyd, php, openvpn, openssl, dropbear, openswan, wlan, wpa_supplicant and hostapd have been updated. 3.8.0.100
Kernel modules: The kernel modules cdc_acm and ftdi_sio are now present. They are required for our PCIe cards but are also helpful to drive other USB based equipment such as the Bluegiga BLED112 BLE dongle. 3.8.0.100
Internal software optimizations: Improved config conversion, boot time reduction thanks to new wwanmd. 3.8.0.100

New in Version 3.7

Feature First introduced
LTE Bands 1/5 on Huawei ME909: Support for LTE Bands 1 and 5 on Huawei ME909 has been added. 3.7.0.107
Support for Huawei MU609: The Huawei MU609 modem is now supported. 3.7.0.104
USSD Codes via CLI: The CLI is now able to send/query USSD codes. For instance, one may query the first modem by running: 3.7.0.104
SNMP Admin Access: For SNMPv1/v2, it is now possible to specify a whole subnet rather than just a host which will be privileged for administrative access. 3.7.0.104
SDK Events: We have added an function which is able to retrieve additional options for an event. 3.7.0.104
DHCP Hostname: The GUI status pages are now listing the hostname of DHCP clients (if provided). 3.7.0.104
Legal Notice: A dedicated GUI page under SYSTEM is now pointing out that NRSW contains in part open source software that may be licensed under GPL, LGPL or other open source licenses. It further provides detailed information for each package now, including the relevant license text and the corresponding source URL. The user is now obliged to accept our end user license agreement during the initial setup of the router. We remind you that the source code of any package can be obtained by contacting our technical support at router@support.netmodule.com. 3.7.0.103
Redundancy Status: The VRRP redundancy status including the currently active role can now be shown with CLI. If configured, OpenVPN will be restarted in case the redundancy role changes. 3.7.0.103
Other Remote IDs for IPSec PKI Clients: It is now possible to specify other remote IDs (FQDN, IP address, etc) when running IPSec as PKI client. Formerly, this has been derived from the Common Name of the certificate only. 3.7.0.103
Increased Number of IPSec Networks: It is now possible to specify up to 10 networks for each IPSec tunnel. 3.7.0.103
OpenVPN Duplicates: One single certificate can be used now for multiple clients by setting the following config option: openvpn.tunnel.x.duplicates=allow. 3.7.0.103
Enhanced WLAN Details: The currently associated WLAN network name (SSID) as well as the DHCP address for WLAN stations can be obtained now with GUI and CLI. The number of received/transmitted bytes are shown correctly now. 3.7.0.103
Control Debug Levels Via CLI: The debug levels of applications can now be controlled by debug -l <level> <target>. 3.7.0.102
Send Hostname in DHCP Discover: The hostname of the box is now submitted in DHCP discover requests (option 12 and 81) which can be used to identify the client and assign a corresponding IP address. 3.7.0.102
Switchback Option for Switchover Links: A configuration option was added which can be used to define an interval after which a switchover link will be teared down, letting links with better priority dial and come up again after the specified time. 3.7.0.102
Configurable Initial Ping of NTP Server: Time synchronisation was only triggered after the specified NTP servers have been pinged. This can be avoided now by means of a configuration option. 3.7.0.102
Clear Log Command: We have added a clear-log alias which can be used to clear any logfiles. 3.7.0.102
Watchdog Keepalive for Surveyor: We implemented a keepalive mechanism for the surveyor which is now periodically notifying the watchdog. If no keepalive has been received within a specific amount of time, the watchdog will reboot the system. 3.7.0.102
Support for CDMA with SIM: It is now possible to run CDMA in combination with a SIM card. 3.7.0.102
Update System Time via Config: It is now possible to update the system time by uploading a configuration file with system.time being set. This can be used for instance to bypass any issues regarding the expiration of uploaded certificates. 3.7.0.101
Ethernet Status: The status of the Ethernet interfaces can be derived now from the GUI and CLI. 3.7.0.101
OpenVPN Enhancements: It is now possible to specify the HMAC authentication digest for OpenVPN connections. In case of credential-based authentication, the username and password will be obtained now using the via-file method. Running as client, it is possible now to either connect to a single server or choose one of multiple servers in a random or failover way. 3.7.0.101
40-160V Power Supply: We have added support for a new power supply extension on NB3700 which is able to operate with a primary input voltage of 40-160V. 3.7.0.101
VLAN Priority: It is now possible to specify the priority for a VLAN interface according to 802.1p/d. 3.7.0.101
New SDK functions: We have added the seek function for repositioning the read/write file offset. It is also possible now to send specific SNMP traps by using the nb_send_trap function. 3.7.0.101
Disable Web Manager: It is now possible to completely turn off the Web Manager. 3.7.0.101
WLAN Station Inactivity: The maximum station inactivity of WLAN clients, i.e. the time until they will be declared as off, can be configured now. 3.7.0.101
Performance Improvements: We have applied multiple performance enhancements to the system which range from software related improvements up to faster hardware access. They offer a smarter interrupt handling for high-speed transfers over USB-based LTE modems, faster memory access and less-consuming Ethernet packet dispatching. WLAN connections are now operating with a proper transmit power. We have also optimized the watchdog to cope with high system load. Newer versions of NB1600/NB2700 are also shipping with a faster CPU now. 3.7.0.100
NTP Server Extensions: We have upgraded chronyd to the latest version 2.29.1 which improves compatibility for clients and also fixes some security isses. The NTP server has received additional options to tune its synchronization behaviour. The poll interval, for instance, can be configured now. It is further possible to control access from a particular subnet and to trigger synchronisation manually. 3.7.0.100
DHCP Server Extensions: The DHCP server is now able to operate as relay agent and relay server. For IP/MAC bindings we have added support for pre-defined static hosts and an option to ignore undefined hosts. Further DHCP options (such as Agent-ID or WINS server) can be specified now. 3.7.0.100
GPS Daemon Upgrade: The GPS daemon has been upgraded to version 3.9 which is now able to deliver GNSS information in JSON and NMEA format. Clients are nowadays using the new JSON format (see the Berlios site for getting more details). Therefore, it represents the factory default mode now. All legacy modes are still available and backward-compatible to 2.37 clients, so that the new server will integrate flawlessly in existing environments. 3.7.0.100
IP Aliases: Ethernet-based interfaces are now supporting IP aliases and most applications (HTTP, SSH, Telnet, NTP, etc) can be addressed by those. However, the voice server does not work with IP aliases. 3.7.0.100
New Provider Database: We have incorporated Gnome’s mobile broadband provider information in order to offer accurate and up-to-date provider settings (APN, username, password) when setting up a WWAN connection. 3.7.0.100
Support for Sierra MC7700/MC7750: The QMI-based Sierra MC7700 and MC7750 modems are now supported. 3.7.0.100
PPTP Changes: PPTP’s client network is now 192.168.250.0/24 by default and ProxyARP is active. 3.7.0.100
Support for Additional USB Devices (USB-Serial Adapters, USB-Ethernet Adapters, RNDIS Devices): External USB-based serial and network devices can now be embedded to the system, providing the same capabilities as onboard interfaces. They can be enabled by their vendor and product ID (wildcards are supported) and also be connected during runtime (hotplug). The range of available drivers provide support for pl2303- and ch341-based adapters (like the Prolific PL230 and ATEN UC232A) as well as pegasus-based Ethernet/RNDIS adapters. Please ask our support team whether your desired device is supported. 3.7.0.100
Improved Software Update: The new software update facility enables on-the-fly updates and requires almost no additional memory anymore. 3.7.0.100
New WLAN Features: We have added support for the WLE200NX module which allows 802.11a operation in the 5 GHz band. Please note that we do not support Dynamic Frequency Selection (DFS) at the moment, thus the range of channels is limited according to local regulations. Nevertheless, we have updated the registry database for operating with a proper transmit power in the available channels. We have also added support for 802.1x certificate-based authentication (WPA-EAP-TLS) and WEP when operating as client. The MTU of the WLAN interface can be configured now. 3.7.0.100
New SDK Functions: The virtual memory size of a script is now limited to 5MB and it can be monitored individually by the watchdog. The range of SDK API functions have been extended to:
  • Generating user-defined web pages
  • Listing, transferring or deleting files from an FTP or HTTP(s) server
  • Scanning available WWAN or WLAN networks
  • Various network-related functions (e.g. for sending ARP or WakeOnLAN packets)
  • Other system functions (e.g. sending SNMP traps)
3.7.0.100
IPsec Improvements: NAPT between IPsec peers (especially in case of holding the default route) works more reliably now. Broadcast packets are not encapsulated anymore. It is possible to configure the DPD action and force encapsulation. For roadwarrior configurations, the remote peer can be specified with 0.0.0.0. 3.7.0.100
SNMP Agent Enhancements: We have added SHA/AES for authentication via SNMPv3. Administrative access via SNMPv1/v2c is now possible from a distinctive subnet. 3.7.0.100
OpenVPN Enhancements: OpenVPN has been upgraded to version 2.3.2 and it is now feasible to operate with dynamic hostnames. Server and transfer network as well as MTU can be configured. 3.7.0.100
Firewall / NAPT Enhancements: It is now possible to specify IPsec interfaces, they can also be applied as additional selector for the outgoing interface. Addresses can be grouped and those groups can be used instead of adding multiple rules. By using the LOCAL specifier, it is possible to select packets coming or going to local applications of the box. 3.7.0.100
IP-Passthrough: It is now possible to implement a pass-through of the WWAN IP address towards a LAN host (e.g. first DHCP client). More or less, the system acts like a modem in such case which can be helpful in case of firewall issues. 3.7.0.100
Temperature Indication: The system will now show the board temperature (available on NB3700) as well as temperature values derived from sensors of the modems. 3.7.0.100
CLI Enhancements: The CLI is now showing additional information (such as WWAN download/upload rates, IMSI, ICCID and SIM number) as well as details about the running configuration (name, version, hash). Scanning WWAN and WLAN networks is now possible and it can be used to get debug messages and to generate/send tech reports. We have also added a history command for showing the list of previously entered commands. Startup and config operations will be much faster now 3.7.0.100
Distintive Supervision: It is now possible to configure ping supervision on a per-link basis. A retry interval option has been added for reducing the network footprint. We are also supervising any IPsec connections now in order to detect broken NAT peers. 3.7.0.100
New Options for Serial Device Server: Configuration options have been added for showing the banner and enabling remote control according: to RFC 2217. 3.7.0.100
Deployment: Systems can be deployed over CLI-PHP, HTTP, SSH and console by using an empty password in factory state. We are now supporting LLDP and CDP for device discovery. 3.7.0.100
Voice Daemon Enhancements: The system is able to receive mobile calls and dispatch them to SIP clients. 3.7.0.100
Support for CDMA 450: The Cellient MPN200 module and operation in CDMA 450 networks is now supported. 3.7.0.100
Support for Huawei ME909: The Huawei ME909 module is now generally supported. However, voice calls with this modem are not yet supported. 3.7.0.100
Secure SSL Client Connections: Client applications will now abort connections to servers with an invalid certificate. Trusted CA root certificates can be uploaded to bypass that. 3.7.0.100
Support for Multipath Routes: Multipath routes are now being supported. They can be used to distribute IP sessions over multiple hosts. In addition, WAN links can be configured as distributed interfaces in order to balance traffic in the same manner. 3.7.0.100
GRE Implementation: It is now possible to run GRE tunnels. However, we have not yet completely finished compatibility tests to other systems. 3.7.0.100
Quality of Service: We have implemented a QoS mechanism based on Linux’s advanced traffic control, so that the system is now capable of prioritizing and shaping bandwidth for particular IP services. 3.7.0.100
VLAN Implemenation: The Ethernet interfaces are now supporting Virtual LAN (VLAN) according to IEEE 802.1P/Q. 3.7.0.100