Today we've released UTM 9.704. The release will be rolled out in phases.

  • In phase 1 you can download the update package from our download server.
  • In phase 2 we will make it available via our Up2Date servers in several stages.
  • In phase 3 we will make it available via our Up2Date servers to all remaining installations.

Up2Date Information

News

  • Maintenance Release

Remarks

  • System will be rebooted
  • Connected REDs will perform firmware upgrade

Issues Resolved

  • NUTM-11829 [Access & Identity] L2TP connections fail when many users are connected
  • NUTM-11928 [Access & Identity] Hardening of Authentication Server configuration page
  • NUTM-11559 [Basesystem] Update i40e driver
  • NUTM-11966 [Basesystem] Patch binutils (CVE-2018-17985)
  • NUTM-11982 [Basesystem] Patch BIND (CVE-2020-8616, CVE-2020-8617)
  • NUTM-12007 [Basesystem] Patch OpenSSL 1.0.2j (CVE-2019-1547, CVE-2019-1551, CVE-2019-1563)
  • NUTM-12041 [Basesystem] Patch UTM kernel (CVE-2019-3701, CVE-2019-15916, CVE-2019-20096 CVE-2020-8647, CVE-2020-8648, CVE-2020-10942, CVE-2020-11494)
  • NUTM-11664 [HA/Cluster] Error message "send_ha_msg(ECHO_MASTER): sendto(255) errno = 22";
  • NUTM-11113 [Logging] Log archiving to SMB share fails to connect
  • NUTM-11846 [Network] Add confd option to enable multicast for IGMP
  • NUTM-11849 [Network] Syslogng fails to write if max concurrent connections is reached
  • NUTM-11936 [Network] DNS host object not updated/unresolved after fail-over
  • NUTM-11938 [Network] Unable to save the new profile in SSLVPN, it gives error "Warn: Client authentication cannot use more than 170 user and group networks at the same time"
  • NUTM-11779 [RED] RED site-to-site tunnel failover doesn't always work
  • NUTM-11886 [RED] RED server restart notification sent from auxiliary node
  • NUTM-12040 [RED] RED20 is not forwarding tagged traffic like RED15
  • NUTM-12134 [RED_Firmware] Improve throughput for SD-RED WiFi
  • NUTM-12135 [RED_Firmware] Enable 802.11ac for SD-RED WiFi
  • NUTM-11972 [REST API] REST API: Invalid response on GET query for S/MIME component
  • NUTM-11681 [Sandstorm] Sandbox Activity tab uses the incorrect date formatter
  • NUTM-11685 [WAF] Let's Encrypt renewal fails with HTTP->HTTPS redirection for IPv6 vhost
  • NUTM-11925 [WAF] WAF redirects some requests to the first domain of the virtual webserver
  • NUTM-11388 [Web] Httpproxy restarted due to segmentation fault and generated core dump
  • NUTM-11577 [Web] WebProxy not reliably deleting cached temp files
  • NUTM-11841 [Web] Proxy crash with coredump
Parents
  • Customer has this setup: UTM 210 + 2 AP55 + (1 RED 15 + 1 AP55) + (1 RED15W + AP15):

    UTM was on 9.703-3, update to 9.704002.

    Both remote REDs was unable to connect. Waited for 20 minutes, upgrade UTM to 9.705003.

    One hour later, both remote REDs are not connecting. This is the log (IPs and device names were replaced).

    2020:09:19-12:40:20 xxxxxrouter red_server[10857]: SELF: Cannot do SSL handshake on socket accept from '255.255.255.255': SSL connect accept failed because of handshake problems
    2020:09:19-12:40:23 xxxxxrouter red_server[10861]: SELF: New connection from 255.255.255.255 with ID XXXXXXXXXXRED1 (cipher AES256-GCM-SHA384), rev1<30>Sep 19 12:40:23 red_server[10861]: XXXXXXXXXXRED1: Device config was not yet uploaded with the current firmware version '1-450-5b3f24f3e-e9f0c31'
    2020:09:19-12:40:23 xxxxxrouter red_server[10861]: XXXXXXXXXXRED1: Connection is refused as device config was not yet uploaded.
    2020:09:19-12:40:23 xxxxxrouter red_server[10861]: XXXXXXXXXXRED1: Sending json message {"data":{},"type":"DEVICE_CONFIG_NOT_YET_UPLOADED_TO_PROV"}
    2020:09:19-12:40:33 xxxxxrouter red_server[10900]: SELF: Cannot do SSL handshake on socket accept from '255.255.255.255': SSL connect accept failed because of handshake problems
    2020:09:19-12:40:35 xxxxxrouter red_server[10904]: SELF: New connection from 255.255.255.255 with ID XXXXXXXXXXRED1 (cipher AES256-GCM-SHA384), rev1<30>Sep 19 12:40:35 red_server[10904]: XXXXXXXXXXRED1: Device config was not yet uploaded with the current firmware version '1-450-5b3f24f3e-e9f0c31'
    2020:09:19-12:40:35 xxxxxrouter red_server[10904]: XXXXXXXXXXRED1: Connection is refused as device config was not yet uploaded.
    2020:09:19-12:40:35 xxxxxrouter red_server[10904]: XXXXXXXXXXRED1: Sending json message {"data":{},"type":"DEVICE_CONFIG_NOT_YET_UPLOADED_TO_PROV"}

    I was able to ask a user to go at the location of the RED15W, unplugued it and reconnect again - does not matter, same messages.

    Any ideas?

  • Manage to get the 2 REDs working, just in case anybody else had this issue:

    After find this topic , I manage to force the update of the device config by following firmwareking suggestion:

    RED Management > [Server] Client Management > EDIT each RED and turn TUNNEL COMPRESSION on (was off) - this forced the device config update, and both REDs were working again.

    Changed back TUNNER COMPRESSION to off, and everything is working now.

Comment
  • Manage to get the 2 REDs working, just in case anybody else had this issue:

    After find this topic , I manage to force the update of the device config by following firmwareking suggestion:

    RED Management > [Server] Client Management > EDIT each RED and turn TUNNEL COMPRESSION on (was off) - this forced the device config update, and both REDs were working again.

    Changed back TUNNER COMPRESSION to off, and everything is working now.

Children
No Data