Digi AnywhereUSB Plus User Manual

DIGI INTERNATIONAL

9350 Excelsior Blvd, Suite 700 Hopkins, MN 55343, USA +1 (952) 912-3444 | +1 (877) 912-3444

www.digi.com

Digi Accelerated Linux Release Notes

AnywhereUSB Plus

Version 21.2.39.67

INTRODUCTION

This is a major firmware release for AnywhereUSB Plus products.

AnywhereUSB Plus is a Remote USB 3.1 Hub that implements USB over IP technology over Gigabit Ethernet networks. The Hub enables communication with USB-enabled devices from virtualized systems and from remote host computers. You can securely deploy AnywhereUSB Plus Remote USB

3.1 Hubs in non-secure environments, making it ideal for point-of-sale, kiosks, surveillance, industrial automation, or any mission-critical enterprise application.

The AnywhereUSB 2 Plus is a Gigabit Ethernet-attached solution that provides 2 USB 3.1 Gen 1 ports to connect a wide range of peripheral devices such as USB license dongles, scanners, printers, cameras, storage media, or other USB devices.

The 8- and 24-port models provide support for 10 Gigabit Ethernet and include SFP+ interfaces.

SUPPORTED PRODUCTS

· AnywhereUSB 2 Plus

· AnywhereUSB 8 Plus

· AnywhereUSB 24 Plus

KNOWN ISSUES

· Cellular metrics are not shown under the Settings → Status → Communications section of Digi Remote Manager, but are shown under the Data Streams for the device. [DALP-768]

· Health metrics are uploaded to Digi Remote Manager unless the Monitoring > Device Health > Enable option is de-selected and either the Central Management > Enable option is de-

selected or the Central Management > Service option is set to something other than Digi Remote Manager [DAL-3291]

· Wired Internet connectivity is interrupted during cellular modem firmware updates [DAL-4647]

· The cellular Access technology configuration option is ignored if carrier PLMN locking is

enabled [DAL-4693]

UPDATE CONSIDERATIONS

Starting with version 19.11.x of firmware of AnywhereUSB Plus, Digi has standardized on a single user interface for all new products. There are dierences in the location of configuration features,

96000472_C Release Notes Part Number: 93001329_J Page 1

however units updated from the previous firmware to this version will have their configuration automatically migrated.

Because of the dierences in the interface, users should first review the documentation to familiarize themselves with the new look and feel. The documentation for this version is located on the Digi support site at:

https://www.digi.com/resources/documentation/digidocs/90002383/default.htm

To configure an AnywhereUSB feature, click on the System menu located at the top right of the Web Page to open the AnywhereUSB Configuration page. For additional configuration, please refer to the link above for the updated documentation.

UPDATE BEST PRACTICES

Digi recommends the following best practices:

1. Test the new release in a controlled environment with your application.

To update the AnywhereUSB Plus firmware from 3.0.x to the new firmware follow these steps:

1. Soware is available through Digi Support Site

2. Connect to the device’s web UI by connecting your PC to the Ethernet port of the device.

3. Use the AnywhereUSB manager to find your hub and open the Web UI

4. Select the Administration->Firmware update on the le side of the page.

5. Select the Choose File button next to the Select Firmware section.

6. Browse for and select the downloaded firmware file.

7. Click the Update button.

To update the AnywhereUSB Plus firmware from 19.11.x or 20.x to the new firmware, follow these steps:

1. Download the firmware file from the Digi firmware support page.

2. Connect to the device’s web UI by connecting your PC to the Ethernet port of the device and

then going to http://192.168.210.1.

3. Select the System tab on the top navigation bar of the page, then select Firmware Update.

4. Select the Browse button in the Upload file section.

96000472_C Release Notes Part Number: 93001329_J Page 2

5. Browse for and select the downloaded firmware file.

6. Click the Update Firmware button.

TECHNICAL SUPPORT

Get the help you need via our Technical Support team and online resources. Digi oers multiple support levels and professional services to meet your needs. All Digi customers have access to product documentation, firmware, drivers, knowledge base and peer-to-peer support forums.

Visit us at https://www.digi.com/support to find out more.

CHANGE LOG

Mandatory release = A firmware release with a critical or high security fix rated by CVSS score.

For devices complying with ERC/CIP and PCIDSS, their guidance states that updates are to be deployed onto device within 30 days of release

Recommended release = A firmware release with medium or lower security fixes, or no security fixes

Note that while Digi categorizes firmware releases as mandatory or recommended, the decision if and when to apply the firmware update must be made by the customer aer appropriate review and validation.

VERSION 21.2.39.67 (February 27, 2021)

This is a mandatory release AnywhereUSB2-21.2.39.67.bin

SHA512:

ecb60aaf5e2eafb09dee1570a623927d25d95577e6f81c9c30ab3cc3e66ad185b5af942fd 18180dd0fbe861619daa604e8b89944c3d7d533acbd67ab5b5ed854

MD5: 5c2626626d284b8e11a69568471e19c3

AnywhereUSB8-21.2.39.67.bin

SHA512:

81bc19d6e8c0770b34a2209948c705d5cd7570b6967aba163b03829f9dbc4fc5251aa215 7f13d3f19e77b2092b743c3f8504e3f54cb846c9e1a3a8adcb527907

MD5: 48850d03ed59f6b5dc73cde722bb6fe8

AnywhereUSB24-21.2.39.67.bin

SHA512:

28123deaebbe39239085390598684bf960620610ab933c129f1961ad99d9441849677f30 6ef41a1f9d90433310fa0fae5e11e025ffe5d8aada3c19f3f48caaa4

MD5: 9718ed57ba1b24c136cc75a219b4a739

ANYWHEREUSB-specific CHANGES

1. Updated default keepalive timeout for the AnywhereUSB service from 11-seconds to 20-

seconds [DAL-4630]

2. AnywhereUSB 8 Plus: Fix broken link to User Guide [DAL-4436]

FEATURES

1. Add the Location service to all DAL products. DAL devices can utilize several location

sources (cellular, GNSS, or user defined) to determine where it's located and report that to Digi Remote Manager or other servers [DAL-724]

96000472_C Release Notes Part Number: 93001329_J Page 3

2. Add geo-fencing configuration options. This new features is found under Services →

Location → Geofence. It can be utilized to define one or more circular or polygonal geofence areas and then perform a set of actions when the device enters or leaves that area. Current options for actions to perform are either factory erasing the device or running a custom script. [DALP-711]

3. New modem scan CLI command for listing available carriers for the current modem and

SIM setup.

4. New Network → Interface → Modem → Network PLMN ID config setting to lock the SIM card

to a particular carrier based on its PLMN ID(note that the Carrier selection mode must be set to Manual or Manual/Automatic in order to lock the SIM to a specific carrier) [DALP637]

5. Added local API to the web UI for automated configuration of the device [DALP-777]

6. Support remote CLI commands through Digi Remote Manager [DAL-4273]

7. New configuration options under System → Scheduled tasks → System maintenance to

automatically check for device and modem firmware updates, then notify in the CLI and web UI when updates are available [DAL-4413]

ENHANCEMENTS

1. Allow hidden/debug config settings to be controlled and preserved by DigiRM [DAL-4445]

2. Asymmetric preshared keys for IPsec tunnels [DALP-707]

3. Don't display Aggressive/Main mode or Xauth selections for IKEv2 IPsec tunnels [DAL-4142]

4. Update name and description of certificate settings for OpenVPN clients and servers [DAL-

4435]

5. Add digidevice.led python module to all products [DALP-710]

6. Add options to forward location information to a remote host over TCP [DALP-778]

7. Add new Forward interval multiplier configuration option under Services → Location →

Destination servers to control the number of location update intervals to wait before sending location data to this server [DAL-4056]

8. Report location metrics as datapoints to DigiRM [DAL-4055]

9. Include the connection uptime of IPsec tunnels as datapoint metrics to Digi Remote

Manager [DAL-4062]

10. Add iptables TRACE tool for enhanced firewall debugging [DAL-4182]

11. Improved accuracy of the status shown for a modem during a firmware update

BUG FIXES

1. Fixed issue where non-primary DNS were queried through the wrong interface when

use_dns configuration option is set to primary [DAL-3156]

2. Report the phone number of the SIM as a health metric datapoint to Digi Remote Manager

[DAL-4440]

3. Fixed incorrect format of ICCID and IMEI metrics reported to Digi Remote Manager [DAL-

4440]

4. Fixed setup issue between custom firewall rules and IPsec tunnels [DAL-4433]

5. Fixed occasional issue preventing LM940 modems from re-establish their cellular

connection aer a modem firmware update [DAL-2933]

6. Fixed issue requiring a user to fix syslog configuration setting when updating from 20.5.x or

older firmware to 20.8.x/20.11.x firmware [DAL-4426]

7. Fixed rare issue where show system CLI command would display incorrect uptime details

[DAL-4350]

8. Fix issue with secondary CLI sessions showing stale configuration settings if the config is

96000472_C Release Notes Part Number: 93001329_J Page 4

updated elsewhere [DAL-4446]

9. Updated message displayed in web UI to direct the user to refresh the page aer erasing the

device back to default settings [DAL-2326]

10. Fixed issue where dynamic DHCP leases were not displayed in the CLI or web UI (bug

present on 20.11.x firmware versions) [DAL-4557]

11. Fixed inaccurate status of the Ethernet interface of a device in passthrough mode [DAL-

4543]

12. Fixed issue preventing web UI access if two-factor authentication was enabled (bug present

on 20.11.x firmware versions) [DAL-4509]

13. Fixed issue where CLI commands sent from DigiRM would crash the DAL device's connection

to DigiRM [DAL-4412]

14. Fixed issue preventing WAN/cellular connections from working if the interface was

configured with a single Interface Up Surelink test [DAL-4629]

SECURITY FIXES

The highest level vulnerability that has been fixed in this release is listed as a Critical CVSS score of

8.1 High

1. Update libcurl to version 7.74.0 (CVE-2020-8169, CVE-2020-8177) [DAL-4336]

2. Update to python version 3.6.12 (CVE-2020-14422) [DAL-4364]

3. Update OpenSSL to version 1.1.1i (CVE-2020-1971) [DAL-4326]

4. Update dnsmasq to version 2.83 (CVE-2019-14834, CVE-2020-25681, CVE-2020-25682, CVE-

2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687) [DAL3950]

5. Update web security settings with the following headers [DAL-4192]

1. Pragma: no-cache

2. Content-Security-Policy

3. X-Content-Type-Options: nosni

4. X-XSS-Protection: 1; mode=block

6. Set SAMEORIGIN in X-Frame-Options to uppercase [DAL-4192]

7. Automatically de-activate active user logins/sessions if the password for that user changes

8. Removed support for https CBC ciphers [DAL-4408]

9. Fixed XSS vulnerability on serial page in the local web UI (Bug present on firmware versions

20.11.x and older) [DAL-4646]

VERSION 20.11.32.168 (December 23, 2020)

This is a recommended release AnywhereUSB2-20.11.32.168.bin

SHA512:

1e58f363db72d07d008e4709e41ea536dd1d704de676ef88acd4c75c664ff3d075b951cc1 bb2c7442f5d889d66f04466258394c5b0fe27ec5d9c989cf7104852

MD5: 77b1055fda97bddcb1dd2d7d20d5fb04

AnywhereUSB8-20.11.32.168.bin

SHA512:

0e66a03cb5954fc7ec4967c6abc906cf96f67bbbc182102a634e74083eacb077a54f97d3 ca73d8914f4ad509c523e2a9525375a8d0217b2c12582f7b2bb6e7

MD5: 9c46957e97fe5fe6d8e47cfda7da1231

AnywhereUSB24-20.11.32.168.bin

SHA512:

075bf62b1a437d42da97c3cd52985635da89c1d99e3315060a15daa03f7cf740db2520a9

96000472_C Release Notes Part Number: 93001329_J Page 5

b239c3f17286ac6fbc7948ffb2a089d5584671ef8b83e76c41e4930d

MD5: 39a28482fe0e629b831424bf7e1d874e