WILI-S Release Notes
From wiliGear wiki
WILI-S 5.26 Master Release Notes July 15, 2009
WILI Software is a portable embedded Linux based software platform suited to implement a highly functional, secure and manageable wired and wireless IP networking devices: HotSpot access points, access controllers, enterprise access points, fixed 802.11a/b/g wireless network elements, base stations and customer premise equipment (CPE) and high performance, secure point to point or point to multi point wireless bridges.
Document includes information about the latest WILI Software release (WILI-S further in this document) targeted for the Gateworks Avila, Zinwell ZW4x00, LanReady AP-1000 and FN522, ADI Pronghorn Metro hardware platforms and Wistron RDAT-81, PC Engines WRAP.2C, Compex WP54G/WP54AG, WILIBOARD WBD-111, WBD-500 (http://www.wiligear.com) devices.
The WILI-S Highlights
- Wi-Fi compliant
- IEEE 802.11a/b/g
- WMM/Half and Quarter Rates/Security Band
- Atheros Super AG
- WPA/WPA2 PSK and Enterprise
- Multiple broadcasted SSIDs
- Per MBSSID security policy
- VLAN to MBSSID mapping
- Antenna diversity
- Adjustable RF output power
- Layer 2 user isolation
- Multiple authentication methods: UAM, 802.1x/EAP (using RADIUS backend)
- Per LAN/VLAN/WLAN AAA policies
- WISPr compliant
- RADIUS authentication failover
- RADIUS accounting failover/backup
- Remote user login, logout, session status control via HTTPs/XML
- Per user bandwidth management
- Authenticated clients limit per BSSID.
IP Router and IP address management
- Static IP address fallback
- Static IP routing table
- Source routing
- NAT/NAPT (IP masquerading)
- Multiple IP addresses per interface - aliases
- 802.1q VLAN support
- Source routing
- Transparent VPN client pass-through (PPTP, IPsec ESP)
- Customizable Firewall
- DHCP server, relay gateway (suboptions), DHCP client
- Multiple DHCP IP address pools on device
- SMTP redirection (e-mail)
- IPsec tunnels w/ optional dynamic rekeying support
- GRE (Generic Routing Encapsulation) tunnels
- OpenVPN point-to-point or server-to-multiclient encrypted tunnels
- Secure management via HTTPS, SSH, SNMP
- SNMP v1/v2c/v3 (incl. authentication and encryption)
- Management subnet for remote AP and switch management
- Automatic remote firmware update (using RCMS)
- Automatic white/black list update
- RCMS (automatic provisioning system allows to configure, upgrade firmware & monitor devices centrally)
- Statistic pages, including system information, wireless and wired interface statistics, routing and ARP tables
- Configuration page
- Administrator account's password configuration
- License upload/download
- Skin management
- Firmware update, reset to factory defaults, reboot
- Site survey (may temporary disable wireless connection)
- Antenna adjustment tools
The operation of WILI-S is independent of the operating system on the client stations. For configuration and device management WILIBOX recommends using a PC with web browser that supports SSLv3/TLSv1 and Java Script. Optionally WILI-S can be managed via SSH (CLI) or RCMS (automatic provisioning system).
Third party tools compliant with SNMP v1/v2/v3 (*) protocol can be used to monitor current status and performance of the device.
RADIUS server (RFC2865-2866) is required in order to authenticate users and to enable accounting. This product has been tested for interoperability with various RADIUS servers available in the market. For 802.1x based authentication the RADIUS server must support EAP (Extensible Authentication Protocol) authentication type.
For management purposes WILI-S includes a web server with both HTTP and HTTPs protocol support. Provided Web management features are dependent on currently loaded skin.
(*) These features are not available on Wistron RDAT-81 and Compex WP54G/WP54AG hardware:
- SNMP v3
- Inadyn dynamic DNS client
(*) These features are not available on WBD-500 hardware:
What's New in FW Release
Version WILI-S 5.28
- Version WILI-S 5.28 (differences from WILI-S 5.26)
- Added WNMS agent support (WNMS alerts are not supported!), removed RCMS agent.
- Improved AP-CPE WDS mode: added support to connect to Mikrotic Access Points with WDS mode enabled
- Fixed pass-trough max packet size 1468 bytes issue on AVILA (packet size increased up to 1800 bytes)
- Fixed Static/Dynamic White/Black List issues on AVILA
Version WILI-S 5.26
(differences from WILI-S 5.24)
- New firmware version for WBD-111 hardware revision 2.x.
- Enabled OpenVPN support.
- New key sshd.auth-key = [dss|rsa].
- Implemented extended 802.11 SNMP MIB with wireless statistics.
- Increased client statistics timeout form 10 to 300 seconds.
- statsd daemon adds information about currently associated wireless clients.
- Possibility to view ACL list MAC adresses.
- aaad accounting module sends client IP address to RADIUS DB during the authentication.
- UAM portal name can have DNS version.
- Empty configuration keys are not removed from configuration file.
- Enabled CONNMARK iptables module.
- Fixed ZW4400 irq "nobody cared" problem.
Version WILI-S 5.24
(differences from WILI-S 5.23)
- New key sshd.keepalive = [seconds].
- Fixed XScale ethernet driver dropping received packets larger than MTU value.
- Bandwidth limitation per IP when in bridge was not working for downlink traffic.
- Decreased default ARPNAT cache expiration value to 200sec.
- Boot of XScale based devices was extremely slow when configuration contained >100 VLANs.
- Added ethtool support to RDAT-81/WBD-500 devices.
Version WILI-S 5.23
(differences from WILI-S 5.22)
- RTC support on AP1000/AVILA hardware.
- Fixed DNSmasq stalling and stoping responding to DNS requests.
- Fixed spontaneous device reboots when radio signal quality is very low in G mode.
- Compex WP54/WP54AG was missing EBT_VLAN module.
- Fixed STP on wireless interfaces
- Other changes: new SSH server dropbear version 0.51, allmulti flag is set on all interfaces by default, fixed OOM condition when working in an environment together with Mikrotik devices in WDS mode, increased delay reading/writing MII registers.
Version WILI-S 5.22
(differences from WILI-S 5.21)
- Fixed Denial of Service with specific SNMP request (WBD-111).
- Fixed kernel crash in netlink_run_queue() on Xscale platform.
- RADIUS 'Class' Attribute support in AAAD.
- Increased watchdog timeout from 15s to 45s.
- Fixed ethernet Driver rewriting small packet TCP headers when it shouldn't (WBD-111).
- Increased RADIUS client auth/acct timeout and retry default values.
- Fixed issues with DHCP lease expiration time.
- DNSmasq upgraded, fixes issue when server stops resolving.
- Improved bandwidth shaping in AAAD.
- Added inadyn-mt dynamic DNS client.
- Fixed RCMS agent generating useless debug messages at 'fatal' level.
- Changed 'acktimeout' and 'ctstimeout' default values to 48, both of them will always be set to the same value, if they are configured but not equal, bigger of specified values will be used.
- New keys for multicast configuration in netconf section: mcast.<index.>.address, mcast.<index.>.lladdress, allmulti.
- Different wireless driver fixes.
Version WILI-S 5.21
(differences from WILI-S 5.20)
- Implemented new configuration key radio.<index>.ani for controlling interference mitigation/Ambient Noise Immunity (ANI).
- Fixed problem with UAM, device returned wrong RADIUS NAS-Port-Id if bridge contained more than 256 ports.
- In previous version 5.20 discovery daemon did not start while DHCP client was waiting for an IP address.
- Specifying maximum wireless data rate did not limit upper rate when used together with automatic rate mode.
- Added new configuration key ulogd.loglevel=[debug,info,notice,err,crit].
- Added new PPPoE client keys: pppoe.<index>.persist, pppoe.<index>.holdoff.
- Wiliboard sometimes crashed when writing to flash (/etc/persistent).
- Implemented netconf.<index>.mtu configuration key.
- Implemented new PPPD configuration options: ppp.<index>.lcp_echo_failure, ppp.<index>.lcp_echo_interval.
- Fixed device crash with some specific radio settings.
Version WILI-S 5.20
(differences from WILI-S 5.02)
- Implemented RADIUS MAC authentication.
- Support of more detailed associated clients information in skins.
- Static bandwidth control (w/o RADIUS).
- Implemented interface name aliases for easier configuration of RCMS statistics.
- Fixed issue with station supervision on bridge not working with multiple AAA daemons on bridge ports.
- Traffic monitor in skins.
- aaad will be started even if client did not get an IP address from DHCP server.
- Support of USB 3G modems on WILIBOARD hardware.
- Extended RCMS agent with support of multicast discovery.
- Troubleshooting support.
- Remote device recovery on boot.
- Implemented sysconf configuration plugin for Quagga routing suite.
- Support of multicasts at higher rates.
- PPPoE support.
- IGMP snooping.
- Various WILI-SKINS improvements.
Version WILI-S 5.02
(differences from WILI-S 5.01)
- G-only (pureg) mode now works with quarter rates.
- Other wireless driver fixes: allowed TX power was too low in some countries, data rate selection module fixes: communication is now possible over links with lower link quality.
- Fixed crash when loading kernel module with configuration settings:
- Autochannel could set the same channel on multiple radios, now channel selection is randomized if multiple free channels are available.
- Fixed SNMP segfault when traversing ieee8021paeMIB.
- Fixed SNMP not responding after doing snmpbulkget with non existing OID.
- Increased default accounting interim update interval to 5 minutes, also interim updates are not sent immediately on client IP address change, they are delayed.
- Dynamic VLAN fix: problem was with multiple clients on different VLANs but on the same bridge, only one VLAN could access the bridge at any given time.
- UAM placeholders now support %wanip variable.
- DHCP relay agent information option (option 82) support.
- Station supervision daemon now checks for MAC address changes.
- NTP daemon retries synchronization forever and does not pause boot sequence for 15 seconds if NTP server is not reachable as it was before.
Version WILI-S 5.01
(differences from WILI-S 5.00)
- BusyBox update to version 1.5.0, this fixes more than 1.5 min. reboot lag on RDAT-81 device.
- Licensing scheme change, no licence time limit.
- F/W upgrade shows firmware versions, added licence check warning.
- Dynamic Turbo fixes.
- Implemented support for WILIBOX Firmware Factory.
- Half/Quarter rates fixes (for ar5414 cards).
- Multicast based device discovery from WAN side.
- Fixed kernel crash observed while listing channels with wlanconfig in a loop.
- Fixed whitelist/blacklist module, in some circumstances on x86 hardware it crashed the kernel.
- Fixed site survey reporting WPA encrypted APs as using WEP encryption.
- Fixed HTB traffic shaping system, on x86 PC hardware it crashed the kernel under high load.
- Fixed endianess issues with arpnat, added new options:
- ebtables.arpnat.expiration = [sec] Default: 25200 s
- ebtables.arpnat.debug = [enabled|disabled] Default: disabled
- ebtables.arpnat.bootpnat = [enabled|disabled|relay] Default: enabled
- ebtables.arpnat.pppoenat = [enabled|disabled] Default: enabled
- Fixed Compex WP54(AG/G) Ethernet driver freeze.
- Fixed netconf plugin ignoring interface alias keys.
- Fixed issues with TPC on RDAT-81.
- Enabled FastFrames, WMM and FrameBurst in default configurations.
Version WILI-S 5.00
(differences from WILI-S 3.5)
- Updated wireless driver, supports latest generation Atheros cards.
- Half/quarter rates support
- 802.11j - 4.9 GHz security/Public safety band support
- 802.11e - WMM (QoS)
- 802.11h - Spectrum and Transmit Power Management Extensions
- Atheros super features
- 802.11i/RSN/WPA2 pre-authentication support.
- RCMS agent with network usage statistics.
- P2P traffic control.
- Updated WPA supplicant, dropbear SSH server.
- Fixed memory leaks, possible deadlock situations in AAA daemon code.
- Fixed potential problems in UAM redirector redird, made some optimizations.
- Improved white/black list handling performance.
- New WDS implementation does not require to specify MAC address of WDS peer in configuration.
- RDAT-81 device specific:
- ath0 radio card reports as if it was a 802.11 a/b/g radio, in fact it only works in 802.11a mode.
- If IGMP snooping is on and WILI SCOUT software is used from a wireless side, device discovery won't work.
When upgrading from 3.5 version firmwares, note that configuration of WDS interfaces has changed, you may need to reconfigure your WDS interfaces.
For more information check WILI User's Guide on our website: http://www.wilibox.com