Digi Accelerated Linux User Manual

DIGI INTERNATIONAL
9350 Excelsior Blvd, Suite 700 Hopkins, MN 55343, USA +1 (952) 912-3444 | +1 (877) 912-3444
www.digi.com

Digi Accelerated Linux (DAL) Release Notes

Connect IT Console Servers

INTRODUCTION

This is a production firmware release for all DAL supported products. This is a mandatory production firmware release.

SUPPORTED PRODUCTS

· Connect IT 4
· Connect IT 16
· Connect IT 48
· Connect IT Mini

KNOWN ISSUES

· GRE and passthrough interfaces do not work when interface name is longer than 7 characters [DAL-2327]
· Health metrics are uploaded to Digi Remote Manager unless the Monitoring → Device Health → Enable option is de-selected and either the Central Management → Enable option is de-selected or the Central Management → Service option is set to something other than Digi Remote Manager [DAL-3291]
· ping interface xxxx CLI command fails when sent through a GRE tunnel [DAL-3300]

UPDATE BEST PRACTICES

Digi recommends the following best practices:
1. Test the new release in a controlled environment with your application before you update
production devices.
2. Unless otherwise noted, apply updates in the following order:
a. Device firmware
b. Modem firmware
c. Configuration
d. Application
Digi recommends Digi Remote Manager or Digi aView for automated device updates. For more information, follow the instructions for Digi Remote Manager or Digi aView in the links below:
1. Instructions for Digi Remote Manager:
93001322_L Release Notes Part Number: 93001322 Page 1
https://www.digi.com/resources/documentation/digidocs/90001436-13/default.htm#tasks/t_update_device_firmware.htm
2. Instructions for Digi aView:
https://www.digi.com/resources/documentation/digidocs/acl-kb/default.htm#Subsystems/kb-6300-cx/update-firmware.htm
If you prefer manually updating one device at a time, follow these steps:
1. Download the firmware file from the Digi firmware support page.
2. Connect to the device’s web UI by connecting your PC to the WAN Ethernet port of the
device and then going to http://192.168.210.1.
3. Select the System tab on the left side of the page.
4. Select the Browse button next to the Firmware image section.
5. Browse for and select the downloaded firmware file.
6. Click the Update Firmware button.

TECHNICAL SUPPORT

Get the help you need via our Technical Support team and online resources. Digi offers multiple support levels and professional services to meet your needs. All Digi customers have access to product documentation, firmware, drivers, knowledge base and peer-to-peer support forums.
Visit us at https://www.digi.com/support to find out more.

CHANGE LOG

VERSION 20.5.38.39 (May 29, 2020)

This is a mandatory release
FEATURES
1. LDAP user authentication [DALP-192]
2. Add option on the System → Firmware Update page in the web UI to have the DAL device
query a firmware server for available firmware updates [DALP-481]
3. Added new WiFi → Access points → [ssid_name] → Isolate clients option to enable/disable
WiFi client isolation [DAL-2019]
4. Add configuration options under Central management for a proxy connection to Digi
Remote Manager [DAL-3150]
5. Added new Enable watchdog configuration option to monitor the connection to Digi
Remote Manager, along with options to reboot the device or restart its connection to Digi Remote Manager if the watchdog times out. The default settings are to restart the connection to DigiRM if the watchdog times out after 30 minutes [DAL-2954]
6. New application mode for serial ports to allow full control of serial ports through custom
python/shell programs. Also allows additional USB-to-serial adapters to be configured and connected to using the /dev/serial/<config_key_name> path [DAL-2807]
ENHANCEMENTS
1. Added the ability to configure DHCP pools larger than /24 subnets [DAL-2864]
2. Add a statusall option to the show ipsec CLI command to display verbose IPsec status
[DAL-2711]
3. Use modem PDP context 1 when an AT&T SIM is inserted to match new requirements from
AT&T [DAL-3093]
4. Add AT&T FirstNet IMSIs so they can be differentiated from other types of AT&T SIMs [DAL-3163]
5. Added Python HID module to allow the DAL device to control PSUs via Python programs
[DAL-2092]
6. Allow network analyzer to be configured to monitor any network interface instead of just
wired Ethernet ports [DAL-2146]
7. Added option to ping CLI command to ping a broadcast address [DAL-2571]
8. Added new health metric to report the interface used by the DAL device for its configured
IPsec tunnels [DAL-2710]
9. Added new health metric to report the LTE SNR value of the modem(s) on the DAL device
[DAL-2904]
10. Limit metrics upload to no more than 2 per minute if backlogged [DAL-2870]
11. Added new Locally authenticate CLI configuration option to control whether a user is
required to provide device-level authentication when accessing the console of the device through Digi Remote Manager. Default is to allow console access without providing device-level authentication, since the user is already logged in and authenticated through DigiRM [DAL-1510]
12. Report device SKU in RCI response to Digi Remote Manager [DAL-2940]
13. Add wbdata APN to fallback list [DAL-3182]
14. Improved recovery of Telit modem firmware updates should the update get interrupted
[DAL-2984]
15. Fixed spelling of System utilization chart on Intelliflow page in the local web UI [DAL-2260]
16. Added new Health sample upload window debug configuration option to provide a delay
window/jitter when uploading health metrics to Digi Remote Manager (default 2-minutes) [DAL-2607]
17. Commonize the format and naming of rx/tx health metrics reported to Digi Remote Manager
[DAL-2896]
18. Add IPv6 options to traceroute CLI command [DAL-2618]
19. Add count of bytes transmitted and received to the output of the show network interface
X CLI command [DAL-2980]
20. Updated mmcli-dump command used when generating a support report to only run its list
of AT commands on the cellular modem once [DAL-3013]
21. Updated placement of the Apply button on the Device Configuration page of the web UI to
account for usability on smaller screens and keep it always visible when scrolling [DAL-3029]
22. Display the secondary/alternate firmware image version as the Alt. Firmware Version in
the output of the show system CLI command [DAL-3057]
23. Retain modem firmware files in the event that the firmware upgrade was interrupted [DAL-
2856]
24. Renamed OpenVPN server device type configuration options to clarify which options are
OpenVPN managed versus device-only [DAL-2857]
25. Changed the Idle timeout configuration settings for remote-access serial ports to use
blank instead of 0s, to better match the format of the Idle timeout option for user login sessions [DAL-2623]
26. Added a 5-second wait time between setting LTE band configuration updates on a Telit
modem and rebooting the modem to apply the configuration change [DAL-2972]
27. Add support for AES_GCM family of IPsec ciphers [DAL-2715]
BUG FIXES
1. Load FirstNet-specific firmware on Telit LM960 modems when a FirstNet SIM is present (bug
affects firmware versions 20.2.x and older) [DAL-3163]
2. Fix VRRP crashes by upgrading keepalived to version 20.0.20 (bug affects firmware versions
20.2.x) [DAL-3181]
3. Prevent IPsec tunnel from being set up if its local network/interface is down (bug affects
firmware versions 20.2.x and older) [DAL-2336]
4. Fixed rare issue where the cellular modem could not initialize after resetting the modem
(bug affects firmware versions 20.2.x and older) [DAL-1409]
5. Update analyzer to continue running even if the user's SSH session ends (bug affects
firmware versions 20.2.x and older) [DAL-2154]
6. Prevent re-uploading of invalid health metrics data if DigiRM sends a response that the
contents of the health metrics are invalid (bug affects firmware versions 20.2.x and older) [DAL-2868]
7. Fixed bug preventing stale conntrack entries from being flushed when a WiFi-as-WAN (client
mode) network changes, connects, or re-connects (bug affects firmware versions 20.2.x and older) [DAL-2775]
8. Fixed timing issue where an IPsec tunnel configured to be built through a specific interface
would not be brought down properly if that network interface went down (bug affects firmware versions 20.2.x and older) [DAL-3023]
9. Fixed issue preventing backup IPsec tunnel from being established when primary/preferred
tunnel was down (bug affects firmware versions 20.2.x) [DAL-3024]
10. Fixed intermittent reporting issue where web UI and CLI would list the modem as registered
when it was actually connected (bug affects firmware versions 20.2.x and older) [DAL-2329]
11. Fixed failing SureLink IPv6 ping tests (bug affects firmware versions 19.11.x through 20.2.x)
[DAL-2488]
12. Fixed issue with applying policy-based routes to incoming packets from the Internet (bug
affects firmware versions 20.2.x and older) [DAL-2589]
13. Fixed bug preventing passthrough mode from functioning if multicast was also enabled
(bug affects firmware versions 20.2.x and older) [DAL-2709]
14. Fixed rare issue with not receiving a SCEP certificate from the server due to timing issues
between requesting the certificate with a private key and when that certificate can be downloaded (bug affects firmware versions 20.2.x and older) [DAL-2850]
15. Fixed error displayed in show modem CLI output when modem was not connected (bug
affects firmware versions 20.2.x and older) [DAL-2959]
16. Fixed bug preventing local configuration backups if the configuration directory contained
files or directory paths longer than 100 characters (bug affects firmware versions 20.2.x and older) [DAL-3137]
17. Fix non-working custom DHCP options (bug affects firmware versions 20.2.x) [DAL-3071]
18. Fix corrupted configuration schema settings after issuing a config revert CLI command
(bug affects firmware versions 19.8.x through 20.2.x) (bug affects firmware versions 20.2.x and older) [DAL-3194]
19. Fixed issue where IPsec tunnel is built through default route instead of the configured local
interface (bug affects firmware versions 20.2.x) [DAL-2889]
20. Removed unsupported LED options listed for LR54 units in their digidevice.led Python
module options (bug affects firmware versions 20.2.x) [DAL-3250]
21. Removed empty, blank row from Filesystem page in the web UI when listing the contents of
an empty directory (bug affects firmware versions 20.2.x and older)
22. Fixed issue preventing users from downloading the ovpn client configuration file from the
web UI on the Chrome browser (bug affects firmware versions 20.2.x and older) [DAL-3262]
SECURITY FIXES
The highest level vulnerability that has been fixed in this release is listed as a High CVSS score of 7.5
1. Update to openssh-8.2p1 (CVE-2019-6111 – CVSS Score: 5.8) [DAL-2860]
2. Fixed user escalation exploit through cloud.drm.sms configuration option (CVSS Score: 6.0
Severity: Medium Matrix: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N) [DAL-2887]
3. Fixed user escalation exploit through Label configuration setting for serial ports (CVSS
Score: 6.0 Severity: Medium Matrix: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N) [DAL-3011]
4. Fixed password exploit through web token (CVSS Score: 5.6 Severity: Medium Matrix:
AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N) [DAL-3069]
5. Update StrongSwan to 5.8.3 [DAL-2866]
6. Updated iputils to s20190709 and traceroute to version 2.1.0 [DAL-2338]
7. Upgrade Linux kernel to version 5.6 [DAL-2873]
8. Update ipset to version 7.6 [DAL-2853]
9. Update OpenSSL to 1.1.1g (CVE-2020-1967 - CVSS Score – 7.5 HIGH) [DAL-2977]
10. Prevent DOM XSS (cross-site scripting) exploit on Terminal page in the web UI (CVSS Score:
4.2 Severity: Medium Matrix: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N) [DAL-3068]
11. Prevent user escalation exploit through netflash options in web UI (CVSS Score: 4.1 Severity:
Medium Matrix: AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N) [DAL-3129]
12. Prevent use-after-free exploit in CLI configuration of OpenVPN (CVSS Score: 5.7 Severity:
Medium Matrix: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N) [DAL-2963]
13. Prevent XSS vulnerability on the Filesystem page in the web UI where a directory name
with HTML embedded in it would be rendered as HTML rather than plain text (CVSS Score:
4.6 Severity: Medium Matrix: AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N) [DAL-3200]
14. Prevent unauthenticated users from downloading the ovpn client configuration file from
the web UI (CVSS Score: 5.6 Severity: Medium Matrix: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) [DAL-3133]

VERSION 20.2.162.162 (March 17, 2020)

This is a mandatory release
ENHANCEMENTS
1. Add MAC address in support report filename [DAL-2863]
2. Add firstnet-broadband APN for AT&T FirstNet SIMs [DAL-2876]
3. Use ims instead of vzwims APN on Verizon SIMs for proper IMS registration [DAL-2883]
BUG FIXES
1. 1002-CM04/1003-CM11: Fixed cellular high-speed throughput performance issues caused by CPU slowdown and timing of gathering cellular signal details [DAL-2802]
2. 1003-CM11: Fixed inability to utilize SIM slot 2 of a device with a Telit LE910c4-NF or LM940 modem when the two SIM slots contained SIMs from differing carriers [DAL-2897 & DAL-2986]
3. Fix health metrics warnings in Digi Remote Manager stating the local filesystem's /opt/ directory was full when it wasn't [DAL-2769]
4. Fixed missing Rx/Tx bytes in show modem CLI command output [DAL-2804]
5. Fixed issue preventing multicast packets from being sent through a network bridge [DAL-2774]
6. Fixed auto-reboot after restoring configuration file through local web UI [DAL-2862]
7. Fixed inability to update modem firmware on Sierra EM7511 modules [DAL-2794]
8. Fixed improper modem firmware selection on Telit LM960 module when using a T-Mobile SIM [DAL-2376]
9. Fixed bug causing the configured Reboot Time to always occur in UTC instead of local timezone (issue present in older 20.2.162.x firmware versions) [DAL-2859]
10. Fixed bug preventing analyzer from being stopped in the CLI [DAL-2892]
SECURITY FIXES
1. Fix cross-site scripting (XSS) vulnerability on various Status pages in the local web UI [DAL-2818]
2. Fix cross-site scripting (XSS) vulnerability on Configuration page in the local web UI [DAL-2819]
3. Fix cross-site scripting (XSS) vulnerability on Terminal page in the local web UI [DAL-2823]
4. Fix cross-site scripting (XSS) vulnerability on File System page in the local web UI [DAL-2823]
5. Prevent script injection exploit on the Configuration Maintenance page in the local web UI [DAL-2797]
6. Prevent unauthorized read/write access to /opt/config/ and /opt/boot when `Interactive Shell` is disabled [DAL-2865]
7. Prevent analyzer output from being saved outside of the /etc/config/analyzer directory [DAL-2672]

VERSION 20.2.162.90 (March 11, 2020)

This is a mandatory release.
NEW FEATURES
1. Telit LM960 LTE CAT18 modem support [DALP-487]
2. Quectel EC25-AF LTE CAT4 modem support [DAL-1817]
3. Digi Remote Manager is set as the default portal for all DAL products [DALP-393]
· Central management via Digi Remote Manager will not be enabled if you upgrade a device running 19.11.x or older firmware that was previously syncing with an aView instance to 20.2.x or newer firmware, but can be enabled if desired. However, if the device running 20.2.x or newer firmware gets reset (e.g. if someone presses the Erase button on the device, or erases its config through the web UI or Admin CLI), the device will sync with Digi Remote Manager by default.
4. Added SureLink™ default connectivity tests on all WAN interfaces [DALP-402]
· SureLink tests (previously referred to as Active Recovery) will not be enabled by default if you upgrade a device from 19.11.x or older DAL firmware to 20.2.x or newer firmware, but can be enabled if desired. However, if the device running 20.2.x or newer firmware gets reset (e.g. if someone presses the Erase button on the device, or erases its config through the web UI or Admin CLI), the default SureLink tests will be enabled as part of the default settings of the device.
5. Background Wi-Fi AP roaming/scanning [DALP-435]
· New Background scanning configuration settings under Client WiFi entries
6. New web UI pages added under the System drop-down with enhanced serial details and configuration [DALP-465]
7. Support for firmware/OTA updates on Quectel modems [DALP-419]
8. AT&T LWM2M support for Telit LM940/LM960 modems [DAL-2476]
ENHANCEMENTS