***************************************************************************************
Release Notes for Vigor2900 Series

Firmware Version : v2.5.6 - Formal Release
Release Date     : 31st August 2005
Build Time       : Thu Aug 25 16:49:13.70 2005
Locality         : UK Only
Applied Models   : Vigor2900, Vigor2900i, Vigor2900G, and Vigor2900Gi

NOT for any other models.
***************************************************************************************

Upgrading Notes
---------------

To upgrade, use the "Firmware Upgrade Utility" which is part of the Vigor2900
router tools. After upgrading successfully, the new firmware version will be
shown on the front page of the web configurator.

The .RST file contains complete factory default settings and will wipe out all
existing router settings. The .ALL file contains firmware only and should retain
your existing router settings.

Do not attempt to restore old settings from a configuration backup file which
was taken from a different firmware version.

Changes since Firmware 2.5.5
----------------------------

[New Features]:
- Add Firewall/MAC Address Control with time schedule
- Add Firewall/IM Blocking function
- Support IKE/IPSEC DPD function
- Provide Internet Access through L2TP protocol
- Support Wireless WPA2 security mode
  (Requires wireless hardware V2, or later - new units shipped after
  approx May 2005 etc. See later.)

[Improvements]
- Expand number of NAT sessions from 2500 to 7500
- Add "WAN IP Alias" in PPPoE Internet access mode
- Add subnet selection of Relay Agent in DHCP Server Configuration
- Support IP range in IP filter rules
- Add time schedule function in IP filter
- Use better mechanism to defend against DOS attacks
- Add time schedule function in P2P blocking
- Add an option to disallow eDonkey upload traffic in P2P blocking
- Use new time schedule function in URL content filter
- Add a selection of allow/block websites matching keywords in URL content filter
- Add a telnet command ("ip dns") to set the DNS server used by router
- Add a telnet command ("mngt log") to log the router management information to syslog
- Use more secure option in MPPE negotiation
- Add IKE phase 2 proposal in LAN-to-LAN advanced setup
- Display more detailed information in NAT session table
- Support NAT loopback for 2nd subnet

[Corrected Problems]
- Buffer leakage caused by L2TP StopCCN messages
- IP filter failed to handle port 65535
- Call schedule not working for VPN profiles 17-32
- Cannot set More route for LAN-to-LAN VPN profiles 17-32
- Unable to set VLAN and Port Rate Control by Firefox
- FTP traffic unable to pass NAT

[Notes]
- How to find the Wireless Hardware Version:
  In the "Wireless LAN Setup" > "Wireless Information" > "Firmware Version",
  the last digit is the Wireless Hardware Version. For example,
  v1.2.8.16.04.2 means the wireless hardware version is 2.

- Time schedule of IP filter, MAC Address Control, P2P/IM blocking and URL filter:
  Each of these firewall functions has 4 time schedule profiles. Each profile
  represents one of the 15 profiles in Advanced Setup/Call Schedule Setup.
  Note that only the time settings in the profile are used by firewall functions.
  Other settings like Action and Idle Timeout will be ignored by firewall functions.

- MAC Address Control:
  Can be used to assign the time that a MAC is allowed to pass the router.
  It can also be used to filter MACs that are not explicitly specified in the list.
  Note that this function only checks the source MAC of packets from the LAN side.

- DOS Defense:
  Before this release, defense against flooding attacks depended on the total
  number of attacks detected on the WAN interface. In this release, each port
  counts the attacks it detects and defends itself when the threshold is reached.
  The DOS defense function also works on the LAN interface.
  This release also limits the number of syslog messages (about 10 per second)
  to prevent the syslog server from being hit by a DOS attack made of syslog
  messages.

- Block IM:
  3 Instant Messenger applications (MSN Messenger, Yahoo Messenger, ICQ/AOL)
  can be blocked. 4 time schedule profiles can be used to specify the time
  to block IM.

- URL Content filter allow/block option:
  When the Block option is selected, URLs matching the keywords will be blocked.
  When the Allow option is selected, URLs matching the keywords are allowed to
  pass; all others will be blocked.

- IKE/IPSEC DPD (Dead Peer Detection) function:
  Used to disconnect the IPSec tunnel when the peer is detected as dead.
  Note that both peers must support DPD for this function to work.

- DNS server for router:
  A new telnet command "ip dns" has been added to set the DNS servers used by
  the router. The router tries to select a primary and a secondary DNS server
  in the following order:
    1. The DNS server set by "ip dns" command (in Static or Dynamic IP page)
    2. The DNS server given by the Internet Access server (PPPoE or PPTP/L2TP server)
    3. The DNS server for DHCP clients (in LAN TCP/IP and DHCP Setup page)
    4. Default DNS server (194.109.6.66 and 194.98.0.1)
  The telnet command "srv dhcp dnsmanl" is not supported in this release.
  The "ip dns" command also displays the active DNS server.

Changes Since Firmware 2.5.4.3
------------------------------

[New Features]:
- DHCP over IPSec
- Apply Firewall/IPFilter to incoming traffic of VPN connections
- P2P blocking

[Improvement]
- Better VPN rekey method for compatibility with Nortel routers
- Support TCP defragment with size limitation of 2000 bytes

[Corrected Problem]
1. Disconnect ISDN backup when WAN is reactive in DHCP client mode
2. Reject remote dial-in connection with CHAP authentication when the profile
   is using PAP ONLY
3. Failed to clean TCP sessions having status 0 in NAT session table (Mantis 0952)
4. Failed to clean TCP sessions having status 3 in NAT session table (Mantis 1065)
5. IPSec tunnel display error in routing table (Mantis 1007)
6. Routing table error when 'change default route' is enabled in L2L VPN tunnel
   (Mantis 0664)

[Notes]
- The VPN filter only works with direction IN
- Enabling P2P blocking does not disconnect current P2P data connections

Changes Since Firmware 2.5.2
----------------------------

[New Features]:
- Allow input DNS server in the Internet Access Setup > Static or Dynamic IP setup.
- Changing the HTTPS port is now possible.

[Improvement]
- Increased throughput performance when downloading big files with PPPoE.
- Improve the L2TP throughput performance.
- Enhance the stability of the wireless connection.
- Handle more RADIUS clients.
- Better USB printer Plug and Play compatibility

[Corrected Problem]
- Immune to malformed DNS packet or MX type DNS query.
- Improved stability with eMule in DMZ host under heavy load.
- Router responsive after broadcast storm.
- UPnP improvement for My Network Places.
- Change the CLI command "wan mtu" to "wan ppp_mss", which is more suitable.

Changes since Firmware 2.5
--------------------------

[New features]
1. VPN over Wireless LAN
2. 802.1x User Authentication
3. WPA facility support for wireless 802.11g
4. Automatic detection and prevention of IP spoofing on LAN side.

[Issues Changed/Fixed]
1. Support the firmware upgrade and restoration via HTTP/TFTP.
2. Disable FTP function to upgrade F/W in order to avoid the router's reboot.
3. Solve the problem with the link speed of the WAN port, particularly
   10 Mbps half duplex.
4. Improve the speed of the WebUI configuration.
5. Patch the static route failure that occurred with some specific IP filter
   settings.
6. Patch the NAT failure on subnets that are not directly connected.
7. Patch the port-redirection function failure after a period of usage.
8. Patch the failure that may deny reply for unicast ARP request.
9. Block WebUI access that uses the network address from the WAN side.
10. Support up to 80 characters for username in the Quick Start Wizard when
    you edit the PPTP or PPPoE profile.

[Minor Issues Changed]
1. The default character set of the web configuration is changed from big5 to
   iso-8859-1, so the "Chinese language pack" character set is no longer required.
2. Be able to change the default HTTP port by using Telnet.
3. Patch the WebUI "VPN Remote Access User Accounts" setup, particularly
   for index 12.
4. Patch the failure to configure a static route for a host route.
5. Patch the failure to configure the TCP/IP setting of LAN to LAN profile
   for the remote network.
6. Improve the WebUI appearance when running on Mac OS.

[END OF FILE]