Access Point Firmware (DNW-AP40, DNW-AP60)

Follow

Scope

This article goes over the firmware for Access Points including the Latest Stable Release and the Latest Public Beta Release.

Index

Firmware 6

Latest Stable Release:

6.3.14 (July 11, 2017)

  • FIX: Images for built-in splash pages are now displaying properly
  • FIX: When Internet Check is disabled and AP loses internet (but not DHCP) the SSIDs stay up
  • FIX: VLAN changes to an SSID now save without need for reboot
  • FIX: Repeaters with bridged SSIDs and no splash page now get LAN IPs as expected
  • FIX: Various additional improvements and enhancements

Latest Public Beta Release:

6.3.14 (July 11, 2017)

  • FIX: Images for built-in splash pages are now displaying properly
  • FIX: When Internet Check is disabled and AP loses internet (but not DHCP) the SSIDs stay up
  • FIX: VLAN changes to an SSID now save without need for reboot
  • FIX: Repeaters with bridged SSIDs and no splash page now get LAN IPs as expected
  • FIX: Various additional improvements and enhancements

6.3.13 (June 29, 2017)

  • NEW: IGMP Proxy support (see Configure -> Advanced)
  • FIX: WiFi scheduling works again
  • FIX: Client isolation wasn’t always isolating
  • FIX: Bandwidth throttling in many cases wasn’t working
  • FIX: Improved stability for SSIDs using Band Steering
  • FIX: Certain model POE switches no longer experience gateways switching to repeater
  • FIX: SSIDs configured for 2.4/5GHz-only broadcast correctly utilize Roaming VLANs
  • FIX: 5GHz radio no longer fails to broadcast if using channel 165 prior to next upgrade
  • FIX: Performance of an encrypted SSID would degrade if 802.11r was enabled
  • FIX: Redirection from a URL with “res” parameter (to external splash page) no longer causes loop
  • FIX: Addresses an edge-case where clients could potentially bypass a splash page (including blocked clients)
  • FIX: Logout of a voucher (which isn’t supported) no longer redirects you to www.open-mesh.com
  • FIX: Resolves SSH segmentation fault with Dropbear

6.3.12 (May 1, 2017)

  • NEW: Client sessions are now reported back to CloudTrax in the event an AP's local session cache is purged for any reason; this will ensure that the built-in splash-page won't unexpectedly appear prior to the client force timeout or sessions timeout being reached.

6.3.11 (April 20, 2017)

  • FIX: Significant improvements to the configuration/reconfiguration of bridged SSIDs (including VLANs)
  • FIX: Bridged SSIDs no longer reverse their reported upload/download traffic in CloudTrax
  • FIX: Prevent SSIDs from accidentally being bridged to the LAN when in NAT mode
  • FIX: Repeaters with bridged SSIDs could prevent DHCP assignment to clients
  • FIX: Addresses a rare condition where repeaters could go offline or into lonely/orphan mode unnecessarily
  • FIX: WMM Power Save now works for 802.11n devices in addition to 802.11ac (which was already supported)
  • FIX: Change to radio channel is now logged on the AP; log buffer size increased to 128KB
  • FIX: “Use AP Name” being turned on now correctly changes the 2.4GHz SSID name without a reboot
  • FIX: Bandwidth throttling on bridged SSIDs works if you have Application DPI disabled
  • FIX: Client blocking now properly behaves on networks without a splash page enabled

6.3.10 (March 8, 2017)

  • NEW: Support for new HW (OM2Pv4, OM2P-HSv4, A-series)
  • NEW: Configuration changes to one SSID won't disrupt other SSIDs
  • NEW: External splash page now sends CIP parameter (for client IP) in addition to client_mac
  • FIX: Out-of-box 2.4GHz channel, prior to configuration, is now CloudTrax default of 6 instead of 5
  • FIX: Security updates for CVE-2013-4421, CVE-2013-4434, CVE-2016-3116, CVE-2016-7406, CVE-2016-7408, CVE-2016-7409, CVE-2016-7407
  • Includes all other changes included in 6.2.10 and earlier

6.2 beta 5 [6.2.10] (February 27, 2017)

  • FIX: Decrease of CPU usage when Band Steering is enabled
  • FIX: Cache cleanup of non-voucher sessions has increased from 12 hours to 72 hours, preventing clients from inadvertently being sent to the splash page before their session timeout
  • FIX: Prevents a condition where a previously-working repeater could become orphaned when using per-AP channel overrides or auto-channel
  • FIX: When a RADIUS authentication server replies with zero values for download/upload throttle or session timeout, we'll now default to what's configured in the CloudTrax network
  • FIX: Additional optimizations and improvements to stability and performance

6.2 beta 4 [6.2.7] (January 26, 2017)

  • FIX: Client usage on bridged SSIDs would no longer be reported if Layer 7 DPI (Application Reporting) was also disabled on the network
  • FIX: Prevents a rare condition where APs might not re-pair or check-in after upgrading from earlier versions, or after configuration changes to SSIDs

6.2 beta 3 [6.2.5] (January 17, 2017)

  • FIX: Significant band-steering stability and reliability improvements
  • FIX: Bandwidth throttling now functional when Layer 7 DPI (Application Reporting) is disabled
  • FIX: Fixes several WiFi driver-related issues on 802.11ac devices (MR1750/OM5P-AC) 
  • FIX: Addresses a condition where DNS resolution temporarily stops working during AP reconfiguration
  • FIX: Continued improvements and optimizations to ensure greater uptime and overall performance

6.2 beta 2 [6.2.1] (December 19, 2016)

  • FIX: Bridged SSIDs now properly "fast roam" when 802.11r is enabled
  • FIX: Corrects a condition where walled garden entries fail to update properly when Alt DNS is specified
  • FIX: Bridged SSIDs configured with a VLAN tag will now reliably resolve DNS
  • FIX: Prevents a situation where unauthenticated clients could potentially bypass the splash-page
  • FIX: Amazon Instant Video (on mobile app) is no longer improperly identified as "Misc Video"
  • FIX: Resolves ping packet loss when connected to certain 802.3af POE switches (OM5P-AC only)
  • FIX: Several other underlying optimizations and improvements

6.2 beta 1 [6.2.0] (September 16, 2016)

  • NEW: Ability to disable Layer 7 Deep Packet Inspection (DPI) for higher throughput on AC-capable devices, especially on bridged SSIDs. Found under Configure -> Advanced
  • NEW: Ability to control per-SSID band, i.e. dual-band, 2.4GHz only, 5GHz only
  • NEW: 802.11r support for clients that support this faster roaming authentication standard
  • NEW: Ability to disable "failsafe" protection for when internal/external splash page authentication servers can't be reached
  • NEW: Automatic disabling of DNS intercept (local DNS relay) for all SSIDs that don't have an Alt DNS defined. Requires the Splash Page be turned off. In order for this to be disabled, you'll need to contact Support. Note: This will disable all Client Blocking for the SSID
  • NEW: Support for future "instant commands" (ping, trace route, etc) that will be included in an upcoming CloudTrax update
  • NEW: Support for future throughput-based mesh routing provided with B.A.T.M.A.N. version 5
  • FIX: Numerous additional performance improvements, bug fixes and optimizations

Previous Releases:

6.2.11 (March 21, 2017)

  • FIX: Repeaters with bridged SSIDs could prevent DHCP assignment to clients
  • FIX: Client blocking now properly works on networks without a splash page enabled
  • FIX: Security updates for CVE-2013-4421, CVE-2013-4434, CVE-2016-3116, CVE-2016-7406, CVE-2016-7408, CVE-2016-7409, CVE-2016-7407

6.2.10 (March 8, 2017)

  • NEW: Ability to disable Application Reporting (Layer 7 Deep Packet Inspection) for higher throughput on AC-capable devices, especially on bridged SSIDs. Found under Configure -> Advanced
  • NEW: Ability to control per-SSID band, i.e. dual-band, 2.4GHz only, 5GHz only
  • NEW: 802.11r support for clients that support this faster roaming authentication standard
  • NEW: Automatic disabling of DNS intercept (local DNS relay) for all SSIDs which don't have an Alt DNS defined and aren't using client blocking or splash pages
  • NEW: Ability to disable "failsafe" protection for when internal/external splash page authentication servers can't be reached
  • NEW: Support for future "instant commands" (ping, trace route, etc) that will be included in an upcoming CloudTrax update; support for future throughput-based mesh routing provided with B.A.T.M.A.N. version 5
  • NEW: When a RADIUS authentication server replies with zero values for download/upload throttle or session timeout, we'll now default to what's configured in the CloudTrax network
  • FIX: Significant improvements to Band-Steering performance and reliability
  • FIX: Several WiFi driver-related issues on 802.11ac devices
  • FIX: Corrects a condition where walled garden entries fail to update properly when Alt DNS is specified
  • FIX: Bridged SSIDs configured with a VLAN tag will now reliably resolve DNS
  • FIX: Prevents a situation where unauthenticated clients could potentially bypass the splash-page
  • FIX: Amazon Instant Video (on mobile app) is no longer improperly identified as "Misc Video"
  • FIX: Resolves ping packet loss when connected to certain 802.3af POE switches (OM5P-AC only)
  • FIX: Addresses a condition where DNS resolution temporarily stops working during AP reconfiguration
  • FIX: Cache cleanup of non-voucher sessions has increased from 12 hours to 72 hours, preventing clients from inadvertently being sent to the splash page before their session timeout
  • FIX: Prevents a condition where a previously-working repeater could become orphaned when using per-AP channel overrides or auto-channel

6.1.2 (November 30, 2016)

  • FIX: Corrects a condition where walled garden entries fail to update properly when Alt DNS is specified
  • FIX: Bridged SSIDs configured with a VLAN tag will now reliably resolve DNS
  • FIX: Prevents a situation where unauthenticated clients could potentially bypass the splash-page
  • FIX: Amazon Instant Video (on mobile app) is no longer improperly identified as "Misc Video"
  • FIX: Resolves ping packet loss when connected to certain 802.3af POE switches (OM5P-AC only)
  • FIX: Several other underlying optimizations and improvements

6.1.1 (July 19, 2016)

  • NEW: Presence Analytics now offers a "last_seen_signal" value
  • FIX: Improved reliability of Ethernet connectivity on the MR-series and OM5P-AC
  • FIX: Prevents DHCP packets from being improperly forwarded over LAN on the MR-series
  • FIX: Daisy-chained APs show more accurate mesh speeds over their Ethernet link
  • FIX: Removes unnecessary host routes on SSIDs that are configured for bridging/VLANs
  • FIX: We no longer enable Roaming VLANs on SSIDs that are bridged with a VLAN tag
  • FIX: Resolves an issue where the OM5P-AC's 5GHz radio could stop broadcasting
  • FIX: Corrects a situation where the OM5P-AC doesn't show TX rate for a 2.4GHz client
  • FIX: Temperature monitor properly disables 5GHz radio when excessive heat is reached (OM5P-AC and OM5P-AN only)
  • FIX: Many other improvements to overall network configuration and stability, WiFi scheduling, auto-channel, site survey, health-care, and check-in

6.1 (April 8, 2016)

  • NEW: Limited Preview: Presence Analytics API
  • NEW: Support for automatic over-the-air downgrades between future stable firmware releases (for example: 6.2 -> 6.1)
  • NEW: Compliance for latest FCC hardware certification guidelines on future devices
  • NEW: Added compatibility and support for future hardware and associated requirements
  • FIX: Various underlying optimizations and improvements

6.0 beta 7 (February 16, 2016)

  • NEW: Healthcare now auto-reboots repeaters when we're unable to find a default route after 3 successive attempts in a row
  • FIX: Corrects a condition where clients connected to an 'open' SSID were being repeatedly disconnected/reconnected and unable to join, and/or repeatedly asked for a password if not an 'open' SSID
  • FIX: Corrects an issue where in certain cases DHCP packets of non-bridged clients could bypass our built-in DHCP server
  • FIX: Captive portal wasn't restricting access to just those clients defined under the Access Control List as expected
  • FIX: DHCP watch process wasn't terminated properly when changing an AP from daisy-chained state to repeater or gateway position
  • FIX: Addresses possible IP range collision when using more than 3 SSIDs
  • FIX: Prevents the potential hang of an AP on reboot command
  • FIX: Additional WiFi driver optimizations
  • FIX: Improvements to roaming on non-bridged SSIDs

6.0 beta 5 (December 14, 2015)

  • NEW: WiFi driver improvements for APs that support VHT80 (MR1750 only)
  • FIX: General improvements to over-the-air upgrade process
  • FIX: Avoid a condition where the flash memory is filled with temp files
  • FIX: Repeaters would cease to check-in but remain online and functional
  • FIX: When Alt DNS was configured per-SSID, DNS wouldn't route properly
  • FIX: BLA (Bridge Loop Avoidance) is only enabled before bridging of an interface with the LAN, not after, and properly de-activated when un-bridged
  • FIX: The broadcast suppression window has been increased for BLA
  • FIX: Don't turn off the LAN bridge if a non-enabled SSID is specified for bridging
  • FIX: Don't allow VLAN ID configurations outside of the 2-4094 range
  • FIX: Clean-up of various system log error messages and debug output
  • FIX: Improvements to Auto-channel and Radio modes, ensuring AP models which aren't compatible with VHT20 aren't incorrectly configured with this invalid setting, causing WiFi to not initiate properly

6.0 beta 3 (November 2, 2015)

      • NEW: Upgrade to a newer OpenWRT platform
      • NEW: Support for wildcard domains in the walled garden
      • NEW: Support for future over-the-air firmware downgrades
      • NEW: Configuration of WiFi is now handled by Netconfigd
      • NEW: Route to Alt DNS added if the SSID is bridged
      • NEW: Disabling of HTTPAuth & RADIUS accounting messages (UI not available yet)
      • NEW: Ability to set password for RADIUS Pre-Authentication messages (UI not available yet)
      • NEW: Layer 7 filters for Ad Servers, Steam, and iCloud
      • FIX: Numerous additional bug fixes and improvements

Firmware 5

Stable Release:

590 (June 14, 2016)

      • NEW: Includes support for revised hardware: OM2P-HSv3
        NEW: Healthcare now auto-reboots repeaters when we're unable to find a default route after 3 successive attempts in a row
      • FIX: Corrects a condition where clients connected to an 'open' SSID were being repeatedly disconnected/reconnected and unable to join, and/or repeatedly asked for a password if not an 'open' SSID
      • FIX: Ensures that RADIUS client for externally hosted Captive Portals is RFC (2866) compliant for NAS-port and Service-type attribute values.
      • FIX: Corrects an issue where in certain cases DHCP packets of non-bridged clients could bypass our built-in DHCP server
      • FIX: DHCP watch process wasn't terminated properly when changing an AP from daisy-chained state to repeater or gateway position
      • FIX: Don't turn off the LAN bridge if a non-enabled SSID is specified for bridging
      • FIX: Addresses possible IP range collision when using more than 3 SSIDs
      • FIX: Improvements to mesh throughput reporting

NOTE: Due to higher memory requirements, this version does not support OM1P and MR500 devices, or networks running CoovaChilli. 5xx firmware, combined with the latest CloudTrax 4, includes a new CoovaChilli replacement. This is the last stable firmware release which supports first-gen 32mb OM2P devices.

Previous Releases:

588 (December 14, 2015)

      • FIX: BLA (Bridge Loop Avoidance) is only enabled before bridging of an interface with the LAN, not after, and properly de-activated when un-bridged. 
      • FIX: The broadcast suppression window has been increased for BLA.
      • FIX: Improvements to Auto-channel and Radio modes, ensuring AP models which aren't compatible with VHT20 aren't incorrectly configured with this invalid setting, causing WiFi to not initiate properly.
      • FIX: Corrects several issues affecting reliability when installing over-the-air upgrades to beta 6.0 firmware (and adds support for future 6.x firmware).

587 (November 10, 2015)

      • NEW: Support for OTA updates to 6.x beta firmware
      • FIX: Corrects an issue affecting reliability when disabling internet check
      • FIX: Corrects memory leaks affecting the mesh protocol 
      • FIX: SSID2 will now properly throttle upstream if SSID1 has throttling off  
      • FIX: We now send accounting stop when RADIUS client timeout is reached
      • FIX: Repeaters would cease to check-in but remain online and functional

586 (October 5, 2015)

      • NEW: Preliminary support for band-steering (coming soon)
      • FIX: Numerous bug fixes and stability enhancements
      • FIX: Improvements to our bridge loop avoidance system
      • FIX: Turn off WiFi LED when default route is lost
      • FIX: Better handling of unsupported RADIUS server attributes

585 (August 11, 2015)

      • FIX: Numerous bug fixes and memory optimizations
      • FIX: Properly re-bridge wired client port when switching to GW mode
      • FIX: Ensure when AP Isolation is enabled that clients connected to a repeater cannot ping other clients on the network
      • FIX: RADIUS attribute list is no longer dropped when last attribute is from unknown vendor  
      • NEW: Ensure LED stays red when internet test has failed
      • NEW: Added Layer 7 support for HBO Now, and changes to mediafire, thepiratebay, gamefront, ultrashare, teamspeak, ventrilo, iBackup and about.com filters. Removed zshare.net, FilesTube, rapidshare, and kazaa.

584 (July 31, 2015)

      • FIX: Ensure customer-configured VLAN interfaces are properly initiated
      • FIX: Improved Mesh throughput test performance reliability
      • FIX: Numerous bug fixes and memory optimizations
      • NEW: Layer 7 filters for Amazon video, Yahoo! video, Hulu, Xfinity, ShowTime, and HBO Go. Added improvements for detecting speedtest.net, Netflix, Spotify and Google services.

583 (July 6, 2015)

      • NEW: allow each SSID to have its own alternate DNS setting (requires CT4)
      • NEW: netconfigd replaces netifd as central network configuration daemon
      • FIX: Enable support for first-gen (32mb) OM2Ps by reducing required memory
      • FIX: Fixes issue where wired clients wouldn't always get an IP address
      • Numerous additional bug fixes and performance improvements

577 (May 22, 2015)

      • FIX: Numerous bug fixes and performance improvements

573 (March 5, 2015)

        • NEW: Reports clients on SSID #2
        • NEW: Reports wired clients
        • NEW: Device fingerprinting shows the operating system of each client device
        • NEW: Layer 7 deep packet inspection to view application usage on the network as a whole
        • NEW: Facebook WiFi integration
        • NEW: Faster repeater discovery. Access points can find each other more quickly over mesh due to improved scanning
        • NEW: Multi-band mesh encryption support
        • NEW: Better speed test. Greatly improved repeater-to-gateway speed test is much faster and can handle higher speeds
        • NEW: Improved captive portal. Now runs on all access points (APs), not just gateways to avoid gateway congestion
        • NEW: Improved AP isolation. Now works on multi-cast traffic, broadcast traffic and wired clients
        • NEW: Support for new Open-Mesh access point models
        • NEW: Checkin via CloudTrax API
        • NEW: DNS changes: to facilitate blocking on bridged SSIDs, 5xx will intercept all DNS queries and resolve them against either the DNS it gets from DHCP or the Alternate DNS in Cloudtrax. If you're using CloudTrax 4, you can add the local DNS server to the SSID that you want it to use.
        • FIX: New WiFi driver to reduce reported client disconnects
        • FIX: Numerous bug fixes and performance improvements

Firmware 4 (Legacy)

Stable Release:

481 (June 12, 2014)

        • NEW: OM2P-HSv2 platform support
        • FIX: [OM2P] send ibss probe responses with noack flag to reduce number of sent probe responses
        • FIX: [OM2P] process management frames only once per BSS to reduce number of sent probe responses
        • FIX: [OM2P] don't drop connections of roaming clients when bridge_mode is disabled
        • FIX: [OM1P] disable mesh encryption due to failures in the encryption over time

Note: This is the last firmware version that supports OM1P and MR500 devices. 481 introduces support for the OM2P-HSv2 and significantly improves roaming between gateways. The 400 series firmware introduced a number of new features from 300, including bridge mode, voucher support, blocked user message, client tracking, walled garden, rogue AP scanning, mesh encryption, device chaining mode and vlan tagging. 

Previous Releases:

479 (January 14, 2014)

        • FIX: fallback inet_test uses checkin URL to avoid endless SSL redirect
        • FIX: [ng2ng] don't enable ng2ng mesh bridge while running in orphan mode
        • FIX: [nds] deactivate oversized thread stack cache
        • FIX: [nds] check if kernel module was loaded already to avoid insmod failure
        • FIX: [nds] work around the leaking thread stack
        • FIX: [coova-chilli] fix DNS regression for chilli and orphan mode
        • FIX: [OM2P] fix decrypt_error initialization to avoid decryption problem
        • FIX: [OM2P] avoid mangling powersave keys when the chip key cache is filled
        • FIX: [OM2P] allow multicast frames on eth1 (dropped by ethernet switch)
        • FIX: [OM2P] set fallback to /tmp/resolv.conf for inet_test DNS check in repeater mode

476

        • NEW: update fallback dashboard IP to point to server in Oregon
        • NEW: send hostname with syslog messages
        • NEW: reboot after 6 checkins in orphan mode if no upgrade or mesh key is available
        • NEW: [OM2P] print extensive logs when/how a device was rebooted
        • NEW: [OM2P] drop unsolicited DHCP broadcast packets instead of forwarding them
        • FIX: fix wireless WPA key cache corruption leading to wifi disconnects
        • FIX: ignore case of captive portal variable sent from the dashboard (prevents health care reboot of ticket #618)
        • FIX: backport port asprintf memory leak
        • FIX: [nds] remove threading for HTTP access to minimize risk for race conditions
        • FIX: [nds] deactivate over-sized thread stack cache
        • FIX: [nds] check if kernel module was loaded already to avoid insmod failure
        • FIX: [nds] work around of the leaking stack of thread
        • FIX: [coova-chilli] properly configure LAN block if enabled (closes ticket #593)
        • FIX: [OM2P] fix invalid memory access in crashlog potentially leading to a crash
        • FIX: [OM2P] stop bridge-in-batman DHCP packet mangling when bridge_netfilter is enabled (ng463 regression)
        • FIX: [OM2P] increase beacon interval to 300ms to reduce channel pollution

466 

        • NEW: [nds] allow walled garden refresh without nds restart
        • FIX: avoid running multiple dhcp clients on repeaters
        • FIX: remove interface event handler delay to avoid losing events on the LAN
        • FIX: launch dhcp watch also when connected to a possible lan
        • FIX: avoid lockup by releasing gw lock before exiting in case of memory shortage
        • FIX: set dhcp start IP option to not waste 99 IPs from the IP pool
        • FIX: [nds] sanatize voucher input
        • FIX: [health care] detect if cable is plugged but ignored by the system (closes ticket #485)
        • FIX: re-order health care rule processing to run dashboard rules first (closes ticket #499)
        • FIX: [OM2P] workaround roaming breakage with bridge mode enabled
        • FIX: [OM2P] fix sending DHCP INFORM packets to wrong subnets (e.g. LAN)

459 

        • FIX: properly handle IP range calculation on gateways with high node ids

458

        • FIX: disable bridge loop avoidance completely when bridge mode is disabled (closes ticket #441)
        • FIX: uci creash triggered by too long string
        • FIX: [OM2P] wifi stability fixes (closes ticket #439)
        • FIX: [wgarden] do not activate wgarden ip verification when coova-chilli is running

456

      • NEW: [nds] redirect including node & client mac
      • NEW: [checkin] after 12 subsequent alt dashboard timeouts contact dfl dashboard
      • NEW: [checkin] alternate dashboard checkin timeout flag
      • NEW: [walled garden] periodic DNS update
      • FIX: [walled garden] separate /etc/hosts entry from walled garden entries
      • FIX: remove accidental restriction of local LAN interface access (closes ticket #229 and #262)

Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Want to talk about it? Head on over to our Community Forum!