DIGI International AnywhereUSB Digi Accelerated Linux Instruction Manual
- June 1, 2024
- DIGI International
Table of Contents
DIGI International AnywhereUSB Digi Accelerated Linux
Specifications
- Manufacturer: Digi International
- Address: 9350 Excelsior Blvd, Suite 700 Hopkins, MN 55343, USA
- Phone: +1 952-912-3444 | +1 877-912-3444
- Website: www.digi.com
- Product Name: Digi Accelerated Linux
- Release Notes Version: 24.3.28.87 (March 2024)
Product Usage Instructions
New Features
- Support for WireGuard VPNs has been added.
- Support for a new Ookla based speed test has been added. (Exclusive to Digi Remote Manager)
- Support for GRETap Ethernet tunneling has been added.
Enhancements
- The WAN Bonding support has been updated with specific conditions for NTP server and WINS server options.
- Support for SNMP traps and Email notifications to be sent when an event occurs has been added and can be enabled on a per-eventtype basis.
- A button has been added to the Web UI Modem Status page to update the modem firmware.
- The OSPF support has been updated to add the capability to link OSPG routes through a DMVPN tunnel with new configuration options.
- The location service has been updated to support interval_multiplier of 0 for immediate forwarding of NMEA and TAIP messages and display HDOP value in various interfaces.
FAQ
-
What is the significance of a mandatory release?
A mandatory release contains critical or high-security fixes that are recommended to be deployed within 30 days of release, especially for devices complying with ERC/CIP and PCIDSS guidelines. -
How can I enable SNMP traps for specific events?
You can enable SNMP traps on a per-event basis by configuring the settings within the device’s interface. -
Where can I find technical support for Digi products?
Digi offers technical support through their team and online resources. You can access product documentation, firmware, drivers, knowledge base, and peer-to- peer support forums on their website at https://www.digi.com/support.
Digi Accelerated Linux Release Notes Version 24.3.28.87
INTRODUCTION
These release notes cover New Features, Enhancements, Fixes to the Digi
Accelerated Linux Operating System for AnywhereUSB, Connect EZ and Connect IT
product lines. For product-specific release notes use the link below.
https://hub.digi.com/support/products/infrastructure-management/
SUPPORTED PRODUCTS
- AnywhereUSB
- Connect EZ
- Connect IT
KNOWN ISSUES
Health metrics are uploaded to Digi Remote Manager unless the Monitoring > Device Health > Enable option is de-selected and either the Central Management
Enable option is de-selected or the Central Management > Service option is set to something other than Digi Remote Manager [DAL-3291]
UPDATE BEST PRACTICES
Digi recommends the following best practices:
Test the new release in a controlled environment with your application before
rolling out this new version.
TECHNICAL SUPPORT
Get the help you need via our Technical Support team and online resources. Digi offers multiple support levels and professional services to meet your needs. All Digi customers have access to product documentation, firmware, drivers, knowledge base and peer-to-peer support forums. Visit us at https://www.digi.com/support to find out more
CHANGE LOG
- Mandatory release = A firmware release with a critical or high-security fix rated by CVSS score. For devices complying with ERC/CIP and PCIDSS, their guidance states that updates are to be deployed onto device within 30 days of release
- Recommended release = A firmware release with medium or lower security fixes, or no security fixes
Note that while Digi categorizes firmware releases as mandatory or recommended, the decision if and when to apply the firmware update must be made by the customer after appropriate review and validation.
VERSION 24.3.28.87 (March 2024)
This is a mandatory release NEW FEATURES
-
Support for WireGuard VPNs has been added.
-
Support for a new Ookla-based speed test has been added. Note: This is a Digi Remote Manager exclusive feature.
-
Support for GRETap Ethernet tunneling has been added. ENHANCEMENTS
-
The WAN Bonding support has been updated
-
Support for a WAN Bonding backup server has been added.
-
The WAN Bonding UDP port is now configurable.
-
The WAN Bonding client has been updated to 1.24.1
-
Support for configuring which 4G and 5G cellular bands can and cannot be used for a cellular connection has been added. Note: This configuration should be used with care as it could lead to poor cellular performance or even prevent the device from connecting to the cellular network.
-
The System Watchdog has been updated to allow for the monitoring of interfaces and cellular modems.
-
The DHCP server support has been updated
-
To offer a specific IP address for a DHCP request received on a particular port.
-
Any requests for the NTP server and WINS server options will be ignored if the options is configured to none
-
Support for SNMP traps to be sent when an event occurs has been added. It can be enabled on a per-event type basis.
-
Support for Email notifications to be sent when an event occurs has been added. It can be enabled on a per-event type basis.
-
A button has been added to the Web UI Modem Status page to update the modem to the latest available modem firmware image.
-
The OSPF support has been updated to add the capability to link OSPG routes through a DMVPN tunnel. There are two new configuration options
a. A new option has been added to Network > Routes > Routing services > OSPFv2Interfaces > Network type to specify the network type as a DMVPN tunnel.
b. A new Redirect setting has been added to Network > Routes > Routing services > NHRP > Network to allow redirection of packets between spokes.
9. The location service has been updated
a. To support an interval_multiplier of 0 when forwarding NMEA and TAIP messages. In this case, the NMEA/TAIP messages will be forwarded immediately rather than caching and waiting for the next interval multiple.
b. To only display the NMEA and TAIP filters depending on the select type.
c. To display the HDOP value in Web UI, show the location command and in the metrics pushed up to Digi Remote Manager. -
A configuration option has been added to the Serial interface support to disconnect any active sessions if the serial port DCD or DSR pins are disconnected. A new CLI command system serial disconnect has been added to support this. The Serial status page in the Web UI has also been updated with the option.
-
The Digi Remote Manager keepalive support has been updated to more quickly detect stale connections and so can recover the Digi Remote Manager connection more quickly.
-
The redistribution of connected and static routes by BGP, OSPFv2, OSPFv3, RIP and RIPng has been disabled by default.
-
The show surelink command has been updated to have a summary view and an interface/tunnel-specific view.
-
The Web UI serial status page and the show serial command have been updated to display the same information. Previously some information was only available on one or the other.
-
The LDAP support has been updated to support a group name alias.
-
Support for connecting a USB printer to a device via a USB port has been added. This feature can used via Python or socat to open a TCP port to process printer requests.
-
The default timeout of the Python Digi device cli.execute function has been updated to 30 seconds to prevent command timeouts on some platforms.
-
The Verizon 5G V5GA01INTERNET APN has been added to the fallback list.
-
The help text for the modem antenna parameter has been updated to include a warning that it may cause connectivity and performance issues.
-
The help text for the DHCP hostname option parameter has been updated to clarify its use.
SECURITY FIXES
- The Linux kernel has been updated to version 6.7 [DAL-9078]
- The Python support has been updated to version 3.10.13 [DAL-8214]
- The Mosquitto package has been updated to version 2.0.18 [DAL-8811] CVE-2023-28366 CVSS Score: 7.5 High
- The OpenVPN package has been updated to version 2.6.9 [DAL-8810] CVE-2023-46849 CVSS Score: 7.5 High CVE-2023-46850 CVSS Score: 9.8 Critical
- The rsync package has been updated to version 3.2.7 [DAL-9154] CVE-2022-29154 CVSS Score: 7.4 High CVE-2022-37434 CVSS Score: 9.8 Critical CVE-2018-25032 CVSS Score: 7.5 High
- The DNSMasq package has been patched to resolve CVE-2023-28450. [DAL-8338] CVE-2023-28450 CVSS Score: 7.5 High
- The udhcpc package has been patched to resolved CVE-2011-2716. [DAL-9202] CVE-2011-2716
- The default SNMP ACL settings have been updated to prevent access via External zone by default if the SNMP service is enabled. [DAL-9048]
- The netif, ubus, uci, libubox packages have been updated to OpenWRT version 22.03 [DAL-8195]
BUG FIXES
- The following WAN Bonding issues have been resolved
- The WAN Bonding client is not restarted if the client stops unexpectedly. [DAL-9015]
- The WAN Bonding client was being restarted if an interface went up or down. [DAL-9097]
- The WAN Bonding interface staying disconnected if a cellular interface cannot connect. [DAL-9190]
- The show route command not displaying the WAN Bonding interface. [DAL-9102]
- The show wan-bonding command displaying incorrect interface status. [DAL-8992, DAL-9066]
- Unnecessary ports being opened in the firewall. [DAL-9130]
- An IPsec tunnel configured to tunnel all traffic whilst using a WAN Bonding interface causing the IPsec tunnel to not pass any traffic. [DAL-8964]
- An issue where data metrics being uploaded to Digi Remote Manager being lost has been resolved. [DAL-8787]
- An issue that caused Modbus RTUs to unexpectedly timeout has been resolved. [DAL-9064]
- An RSTP issue with the bridge name lookup has been resolved. [DAL-9204]
- An issue with the GNSS active antenna support on the IX40 4G has been resolved. [DAL-7699]
- The following issues with cellular status information have been resolved
- Cellular signal strength percentage not being reported correctly. [DAL-8504]
- Cellular signal strength percentage being reported by the /metrics/cellular/1/sim/signal_percent metric. [DAL-8686]
- The 5G signal strength being reported for the IX40 5G devices. [DAL-8653]
- The following issues with the SNMP Accelerated MIB have been resolved
- The cellular tables not working correct on devices with cellular interfaces not called “modem” has been resolved. [DAL-9037]
- Syntax errors that prevented if from being correctly parsed by SNMP clients. [DAL-8800]
- The runtValue table not being correctly indexed. [DAL-8800]
- The following PPPoE issues have been resolved
- The client session was not being reset if the server goes away has been resolved. [DAL-6502]
- Traffic stopping being routed after a period of time. [DAL-8807]
- An issue with the DMVPN phase 3 support where firmware rules needed to the disabled in order to honor default routes inserted by BGP has been resolved. [DAL-8762]
- An issue with the DMVPN support taking a long time to come up has been resolved. [DAL-9254]
- The Location status page in the Web UI has been updated to display the correct information when the source is set to user-defined.
- An issue with the Web UI and show cloud command displaying an internal Linux interface rather than the DAL interface has been resolved. [DAL-9118]
- An issue with the IX40 5G antenna diversity which would cause the modem to go into a “dump” state has been resolved. [DAL-9013]
- An issue where devices using a Viaero SIM could not connect to 5G networks has been resolved. [DAL-9039]
- An issue with the SureLink configuration migration resulting some blank settings has been resolved. [DAL-8399]
- An issue where the configuration was been committed at boot-up after an update has been resolved. [DAL-9143]
- The show network command has been corrected to always display the TX and RX bytes values.
- The NHRP support has been updated to not log messages when disabled. [DAL-9254]
VERSION 23.12.1.58 (January 2024)
NEW FEATURES
- Support for linking OSPF routes through a DMVPN tunnel has been added.
- A new configuration option Point-to-Point DMVPN has been added to Network > Routes > Routing services > OSPFv2 > Interface > Network parameter.
- A new configuration parameter redirect has been added to the Network> Routes > Routing services > NHRP > Network configuration.
- Support for the Rapid Spanning Tree Protocol (RSTP) has been added.
ENHANCEMENTS
- The EX15 and EX15W bootloader has been updated to increase the size of the kernel partition to accommodate larger firmware images in the future. Devices will need to be updated to the 23.12.1.56 firmware before updating to newer firmware in the future.
- A new option After has been added to the Network > Modems Preferred SIM configuration to prevent a device from switching back to the preferred SIM for the configured amount of time.
- The WAN Bonding support has been updated
- New options have been added to the Bonding Proxy and Client devices configuration to direct traffic from specified network through the internal WAN Bonding Proxy to provide improved TCP performance through the WAN Bonding server.
- New options have been added to set the Metric and Weight of the WAN Bonding route which can be used to control the priority of the WAN Bonding connection over other WAN interfaces.
- A new DHCP server option to support BOOTP clients has been added. It is disabled by default.
- The status of Premium Subscriptions has been added the System Support Report.
- A new object_value argument have been added to the local Web API that can be used to configure a single value object.
- The SureLink actions Attempts parameter has been renamed to the SureLink Test failures to better describe its use.
- A new vtysh option has been added to the CLI to allow access to the FRRouting integrated shell.
- A new modem sms command has been added to CLI for sending outbound SMS messages.
- A new Authentication > serial > Telnet Login parameter to been added to control whether a user must supply authentication credentials when opening a Telnet connection to direct access a serial port on the device.
- The OSPF support has been updated to support the setting the Area ID to an IPv4 address or a number.
- The mDNS support has been updated to allow a maximum TXT record size of 1300 bytes.
- The migration of the SureLink configuration from 22.11.x.x or earlier releases has been improved.
- A new System → Advanced watchdog → Fault detection tests → Modem check and recovery configuration setting has been added to control whether the watchdog will monitor the initialization of the cellular modem inside the device and automatically take recovery actions to reboot the system if the modem doesn’t initialize properly (disabled by default).
SECURITY FIXES
- The Linux kernel has been updated to version 6.5 [DAL-8325]
- An issue with sensitive SCEP details appearing the SCEP log has been resolved. [DAL-8663]
- An issue where a SCEP private key could be read via the CLI or Web UI has been resolved. [DAL-8667]
- The musl library has been updated to version 1.2.4 [DAL-8391]
- The OpenSSL library has been updated to version 3.2.0 [DAL-8447]
- CVE-2023-4807 CVSS Score: 7.8 High
- CVE-2023-3817 CVSS Score: 5.3 Medium
- The OpenSSH package has been updated to version 9.5p1 [DAL-8448]
- The curl package has been updated to version 8.4.0 [DAL-8469]
- CVE-2023-38545 CVSS Score: 9.8 Critical
- CVE-2023-38546 CVSS Score: 3.7 Low
- The frrouting package has been updated to version 9.0.1 [DAL-8251]
- CVE-2023-41361 CVSS Score: 9.8 Critical
- CVE-2023-47235 CVSS Score: 7.5 High
- CVE-2023-38802 CVSS Score: 7.5 High
- The sqlite package has been updated to version 3.43.2 [DAL-8339]
- CVE-2022-35737 CVSS Score: 7.5 High
- The netif, ubus, uci, libubox packages have been updated to OpenWRT version 21.02 [DAL-7749]
BUG FIXES
- An issue with serial modbus connections that cause incoming Rx responses from a serial port configured in ASCII mode if the reported length of the packet didn’t match the received length of the packet to be dropped has been resolved. [DAL-8696]
- An issue with DMVPN that caused NHRP routing through tunnels to Cisco hubs to be unstable has been resolved. [DAL-8668]
- An issue that prevented the handling of incoming SMS messages from Digi Remote Manager has been resolved. [DAL-8671]
- An issue that could cause a delay in connecting to Digi Remove Manager when booting up has been resolved. [DAL-8801]
- An issue with MACsec where the interface could fail to re-establish if the tunnel connection was interrupted has been resolved. [DAL-8796]
- An intermittent issue with the SureLink restart-interface recovery action on an Ethernet interface when re-initializing the link has been resolved. [DAL-8473]
- An issue that prevented the autoconnect mode on a Serial port from reconnecting until the timeout had expired has been resolved. [DAL-8564]
- An issue that prevented IPsec tunnels from being established through a WAN Bonding interface have been resolved. [DAL-8243]
- An intermittent issue where SureLink could trigger a recovery action for an IPv6 interface even if no IPv6 tests were configured has been resolved. [DAL-8248]
- An issue with SureLink custom tests has been resolved. [DAL-8414]
- A rare issue on the EX15 and EX15W where the modem could get into an unrecoverable state unless the device or modem was power cycled has been resolved. [DAL-8123]
- An issue with LDAP authentication not working when LDAP is the only configured authentication method has been resolved. [DAL-8559]
- An issue where local non-admin user passwords were not migrated after enabling Primary Responder mode has been resolved. [DAL-8740]
- An issue where a disabled interface would show received/sent values of N/A in the Web UI Dashboard has been resolved. [DAL-8427]
- An issue that prevented users from manually registering some Digi router types with Digi Remote Manager via the Web UI has been resolved. [DAL-8493]
- An issue where the system uptime metric was reporting an incorrect value to Digi Remote Manager has been resolved. [DAL-8494]
- An intermittent issue with migrating IPsec SureLink setting from devices running 22.11.x.x or earlier has been resolved. [DAL-8415]
- An issue where SureLink was not reverting the routing metrics when failing back on an interface has been resolved. [DAL-8887]
- An issue where the CLI and Web UI would not show the correct networking details when WAN Bonding was enabled has been resolved. [DAL-8866]
- An issue with the show wan-bonding CLI command has been resolved. [DAL-8899]
- An issue that prevents devices from connecting to Digi Remote Manager over a WAN Bonding interface has been resolved. [DAL-8882]
References
- IIoT Devices and Services for M2M Networking | Digi International
- IIoT Devices and Services for M2M Networking | Digi International
- Infrastructure Management
- NVD - Vulnerability Metrics
- NVD - CVE-2011-2716
- NVD - CVE-2022-29154
- NVD - CVE-2022-35737
- NVD - CVE-2022-37434
- NVD - CVE-2023-28366
- NVD - CVE-2023-28450
- NVD - CVE-2023-3817
- NVD - CVE-2023-38545
- NVD - CVE-2023-38546
- NVD - CVE-2023-38802
- NVD - CVE-2023-41361
- NVD - CVE-2023-46849
- NVD - CVE-2023-46850
- NVD - CVE-2023-47235
- NVD - CVE-2023-4807
- Support Services | Digi International