Note:The ER-X/ER-X-SFP/EP-R6has more limited storage, and in some cases, an upgrade may fail due to not enough space. If this happens, remove the old backup image first (using "delete system image" command, seeherefor more details) before doing an upgrade.
More details can be found in the release notes below. Please give it a try if you are interested in the new features/changes to help us test them so that we can get the release out sooner! Thanks very much!
Changes since v1.10.8
[PlatformOS] - Upgraded underlying Debian distribution fromWheezytoStretch. NOTE:You will need to manuallyupdate "system package repository xxx distributionstretch"if you wishto install 3rd party packages from Debian repository
[IPSec] - Add new "vpn ipsec gobal-config" CLI command that allows overriding anystrongswanconfig option. For instance following commands reconfiguresbypass-lanplugin by excluding eth0 from bypass list:
set vpn ipsec global-config "charon.plugins.bypass-lan.load := yes"
set vpn ipsec global-config "charon.plugins.bypass-lan.interfaces_ignore := eth0"
Syntax of "vpn ipsec gobal-config" should be compliant withformat-options.pyutility fromstrongswansuite as definedhere
[IPSec] - Add new CLI commandallow-access-to-local-interfacethat configures firewall to accept traffic destined to local interfaces of EdgeRouter:
set vpn ipsec allow-access-to-local-interface enable
Previously hosts from remote IPSec networks were not able to access ER, but now, ifallow-access-to-local-interfaceis enabled, then hosts from remote IPSec networks can reach ER local interface and access management interface (SSH or WebGUI). Discussedhere
[UNMS] - Add CLI command to enable/disable LLDP in UNMS. When UNMS is configured then it uses LLDP to discover neighbor routers. This functionality is enabled bydefaultbut it can be disabled via CLI like so:
[Routing] -ECMP route selectionmethodis switched fromround-robintohash-based,This became possibleaftermigrating to4.x linux kernel. Discussedhere
[Dnsmasq] - Removed 1K DHCP max lease limit in dnsmasq. Prior to this dnsmasq would stop leasing additional IPs after reaching 1000 active leases. Removing this limit has minimal impact on memory usage and solves issue when dnsmasq would suddenly stop leasing new IP addresses.
[DHCPv6] - Fix bug when DHCPv6 client stops (or restarts) when admin logs out of terminal. Discussedhere
[LoadBalancing] - LoadBalancing randomly fails ifhwnatoffloading is enabled on ER-X and ER-X-SFP models. LoadBalancing watchdog randomly reportsfalse-positiveinterface-failure events and switches to backup link when it should not. Workaround is to disable hwnatoffloading.
[PPPoE] - PPPoE client interface randomly fails to reconnect with PPPoE server whenhwnatoffloading is enabled on ER-X and ER-X-SFP router models. This issue was noticed only when in LoadBalancing or ECMP setups. Workaround is to disable hwnat offloading.
[Offloading] - IPSec offloading does not work on ER-X and ER-X-SFP
Updated software components:
Systemd (232-25+deb9u4 )
Upgraded linux kernel to v4.9.79 for Octeon-based routers (ER, ER-pro, ER-lite, ER-PoE, ER-Infinity)
Upgraded linux kernel to v4.14.54 for Mediatek-based routers (ER-X, ER-X-SFP)
Bootloader enhancements and fixes:
Note: Latest bootloader is stored inside EdgeOS firmware since v1.10.7. You can check currently installed bootloader version with "show system boot-image" CLI command and then upgrade it with "add system boot-image" CLI command .