New in v 1.54

ACME

• ACME status for certificates shows when last error happened.
• Make ACME status clear at start up if clock not set yet
• Fix ACME error status to show time of error

BGP

• Add Refresh buttons to BGP UI status page

CLI

• show configuration now allowed (redacted) at "view" level

Config

• Improved syntax checking of numeric fields
• Separate logging for http client accesses
• Added new config access level (demo) allowing test but not commit/save config.

DHCP

• Improve lease expiry when the FireBrick does not know the correct time

Firewall

• Minor change to handling of clashing UDP sessions for better VoIP NAT logic

http

• HTTP client requests now fall back to other IPs (e.g. for code updates, ACME, etc)

IPsec

• Hardware encryption option for testing [EXPERIMENTAL]
• Show hardware acceleration status
• Add hw crypto timeout detection

IPv6

• Prefix Delegation IPv6 address was using a base address not interface specific auto IP, fixed

L2TP

• High availability L2TP (HAL) for testing
• Additional logging on config change
• Fix payload table logic on local auth incoming L2TP sessions
• Consistent NAS-Port attribute on RADIUS STOP records (previously was 0)

LACP

• Prevent unnecessary continuous packet exchange

Manual

• Additional documentation on IPv6 prefix delegation and SLAAC

OS

• Scheduling changes to improve performance under heavy CPU load (eg crypto processing)
• In some circumstances Watchdog panics may report incorrect thread - fixed.

Profiles

• Profile ping of local gateway by ping 0.0.0.0

Session tracking

• Change to default UDP timeout for UDP ports 80 and 443 to help QUIC

SNMP

• Experimental addition of new-style vendor-specific structure to fit better with standard usage of OIDs/MIBs.

System

• Improve DoS detection and logging of ethernet damping

TLS

• Use own server preferences when choosing crypto suite and EC curves; Do not send anchor certificate
• Fix corner-case which may cause a TLS stream to go into limbo with TCP stuck in CLOSE_WAIT
• Improve TLS session end - avoid occasional crashes/lockups.
• Fix a couple of TLS issues causing problems with ACME and downloading large pages
• Finally fixed TLS issue
• Extra diagnostics added to help with occasional TLS crashes

UI

• Improve UI status reporting for bgp, including ability to filter routes list

USB

• Send packet filter setting when opening 4G dongle.
• Further 4G USB improvements - ensure DHCP-obtained IP address is refreshed on dongle insertion.
• Fix problems with multiple 4G dongles (when using a hub)
• Fix problem with dongle status not always showing correctly

VoIP

• RADIUS setting to explicitly set P-Asserted-Id needed for VoIP carriers

VRRP

• Incorrect error message for ID clash in VRRP, fixed

Web config editor

• Tweak to config edit to make default values more obvious