Release notes for the Black Box Terminal Server line

To see the build version for your software, in CLI mode, enter the command "version".

You should only upgrade to this version of firmware if your product was not shipped
with this version AND you need to use one or more of its features.

All of the fixes are automatically rolled into the next release version.
 

Version 4.8.G3

 

 

Features

·         Web Manager runs as a non-root task.

·         Updated OpenSSL to version 1.0.2g.

·         Updated OpenSSH to version 7.2p2.

·         Updated NTP to version 4.2.8p6.

·         Updated Mini http to version 1.23

·         Added new SSH ciphers: AES-CTR, AES-GCM and ChaCha20-Poly1305.

·         Added new SSL options: AES-GCM encryption, ECDH-ECDSA key exchange, and HMAC SHA256 and SHA384.

·         Added SSL versions TLS 1.1 and TLS 1.2.

·         Added CLI commands to delete keys and certificates.

·         Added 5 more IP filtering ranges.

·         Added support for RTS toggle on serial ports.

·         Can now disable IP forwarding between Ethernet interfaces.

·         Can now configure the PPP echo requests.

·         Increased the size of the serial port name to 30 characters.

·         Increased the size of the TACACS secret to 30 characters.

 

 

Fixes

·         The rack units were vulnerable to NTP amplification attacks.

·         Multi host TCP sockets would not allow hosts to connect if SSL is enabled on the FIPS firmware.

·         The http tunneling stops accepting new tunnel requests.

·         The PPP connection will disconnect during a large file transfer.

·         The virtual modem serial port does not toggle ring indicator signal.

·         There was data lost when using NFS remote port buffering.

·         Would stop accepting new TCP multi host with SSL connections.

·         The telnet command from the terminal port profile would not support binary pass-through.

·         Two servers connected with serial tunneling would sometimes drop the character before a break signal.

·         The serial tunneling server will send out an extra byte out the serial port when it receives a set modem signal mask that is hex 0xFF.

·         SSH allows people to do TCP port forwarding.

·         Multisession does not work correctly if IP aliasing is configured.

·         The Web Manager cannot transfer keys using TFTP or SFTP.

·         Using Device Manager through an http tunnel to transfer files does not work.

·         A TCP raw session's largest packet was 512 bytes.

·         The server stops processing Modbus requests from multiple Modbus masters.

·         The Terminal Server data logging buffer size is not configurable.

 

 

Version 4.6

 

Features

·         Added the ability to reset the serial port statistics.

·         Made a number of security improvements:

o    Internal user database can provide a 10 second delay after an invalid authentication attempt. After 5 successive incorrect authentication attempts within 1 minute the user will be locked out for 5 minutes.

o    Internal user database could allow each user to only be logged into the system once.

o    Internal user database can enforce passwords to be at least 8 characters long with at least one number.

o    The Web Manager can stop the web browser from caching.

·         PPP can now authenticate with TACACS+ using CHAP.

 

Fixes

·         Removed a deadlock condition in Modbus slave gateway.

·         COMredirect keep alive timer would cause disconnects if data was in only one direction.

·         LPD printing now supports source TCP port greater than 1024.

·         COMredirect tcflush command could lock up the Device Server.

·         Port idle timeout not working all the time.

·         Web Manager desktop models could not add host entries on DS models.

·         Speed up connection time for secure HTTP Tunnels.

·         COMredirect lite mode TCP connection resets sometimes.

·         Console mode power command (control p) sometimes disconnects the session.

·         L2TP/IPSec connection to a Windows 7 client behind a NAT router will disconnect on its own.

·         IPSec would not work over a modem connection if the connection was not up when IPSec first started.

·         Http tunnel server would sometimes show the wrong tunnel name for a connection.

·         If busy enough, Modbus slave gateway only responds to one of the devices.

·         Memory leak in Http Tunnels if not configured correctly.

·         IPSec would stop working if the IP address of the default gateway changes.

·         Http Tunnel client would sometimes not be able to connect to the server.

 

 

Version 4.5

 

Features

·         Added support for COMredirect (v6.6) for Windows to support the Windows IOCTL_SERIAL_SET_XOFF system call.

·         Only allow IP traffic to/from a range of IP addresses.

·         Modbus Slave Gateway IP Aliasing allows multiple requests to devices on different serial ports to be processed at the same time.

Fixes

·         System memory lost when HTTP Tunnel connection goes up and down.

·         A TCP Sockets serial port using Multihost would stop receiving data if it received data during the system boot.

·         Disable Strict Host Key checking did not work when connecting to an internal serial port using SSH.

·         Could not connect to a Console Management serial port using the IP loopback address (127.0.0.1) and TCP port (10001) if any serial port had an IP Alias address.

·         Could not connect to the Web Server (TCP port 80) through a HTTP or HTTPS Tunnel.

·         The Desktop units with 1 or 2 ports will stop responding because of a system memory leak.  It did not happen with the DB-25 model.

·         COMredirect full mode running at 300 bps would not work when the application did a tcdrain.  This only happened on Rack models.

·         Modbus Slave would not process a request from the Modbus TCP master if the request did not come in one TCP packet.

·         The Terminal Server would not callback a PPP client.

·         SNMP monitoring (UDP traffic) through a HTTP Tunnel would stop after a while.

·         Secure file transfer would not work through a HTTP Tunnel if it was configured using the Web Manager.

·         Opening and closing a COMredirect COM port through a HTTP Tunnel could cause the open to fail sometimes.  It would take 60 seconds before recovering.

·         TCP Modbus requests with a read length greater than 61 registers would cause an error for some Modbus TCP Masters by breaking the response into two TCP packets.

·         The Web Manager does not show the correct SNMP Trap privacy algorithm.

 

 

 

Version 4.4

 

Features

·         Enhanced configuration for NTP/SNTP authentication to allow a different Key ID for the secondary host.

·         Increased the size of the LDAP Base field to 128 characters.

Fixes

·         Errors on Web Manager Keys and Certificates page.

·         Units lose their configuration information.

·         UDP service type could lose data if it received data on multiple serial ports at the same time going to the same host and there was no ARP table entry.

·         SNMP MIB II Interfaces object “IfOperStatus” was incorrect.

·         No CLI command to disable SSH client strict host checking.

·         PPP dial in using the internal modem may not connect after a quick disconnect if the idle timeout is enabled.

·         Improved the reconnect time for the UDP service type.

 

 

Version 4.3

Features

·         Enhanced data logging support.

o    Configure the size of the buffer

o    Eliminate data loss when the connection is lost

·         Vmodem phone number table host name support allows FQDN.

·         TCP MTU configuration.

·         TCP timeout and retry count configuration.

·         TFTP over HTTP Tunnel support.

·         Enhanced NTP/SNTP support

o    NTP client on Rack units and SNTP client on Desktop units.

o    Authentication using MD5 or SHA1 on all secure units.

·         SSH client strict host checking configuration.

·         SSH server grace login time configuration.

·         TCP Sockets profile now supports IP Aliasing with Multiple hosts.

·         Remap Modbus master ID to Slave ID

·         Option to not forward a byte with a receive error from the serial port.

·         Enhanced SNMP trap support.

o    Supports type v2c and v3 messages.

o    Supports inform type trap messages.

·         Support for Secure File Transfer Protocol (SFTP) to transfer files.

·         The OEM login feature now supports a custom login and password prompt.

·         TCP Sockets service type now supports the IP alias feature.

·         Two new CLI commands to allow the customer to fine tune the TCP keep alive time.

o    "set server monitor-connection-timeout" sets the time between TCP keep alive messages (was 5 seconds).

o    "set server monitor-connection-number" sets the number of unanswered TCP keep alive messages before the connection is closed (was 5).

Fixes

·         System memory leak when a SNMP message authentication failure happens.

·         Clustering would sometimes show slave units multiple times.

·         Cannot turn break on/off from CLI.

·         Port Email alerts do not work unless server Email alerts are enabled

·         SSH banner is not being displayed

·         Desktop unit may lockup if the Ethernet link goes down at the same time as data is being transmitted.

·         SNMP security issue, improper HMAC validation allows authentication to be bypassed.

·         HTTP tunnel may be slow on some complex web pages.

·         IP UDP Multicast packets are only sent out on the first Ethernet interface.

·         EasyPort Web, Java Script, would not work on dual Ethernet units if Lan bonding was enabled.

·         The connection was resetting every couple of seconds using serial tunneling between two units.

·         PPP dial in using the internal modem may not connect after a quick disconnect.

·         Radius secondary host access rejected after the primary host goes down.

·         Increased the maximum packet size for Modbus from 256 to 512 bytes.

·         CLI Serialt debug tool crashes while capturing a large amount of data.

·         EasyPort Web connect button always uses HTTP to connect to the slave unit.

·         SNMP set port parity does not work correctly.

·         Proxy Arp PPP connection will stop working if the Ethernet interface goes down then up.

·         Cannot make multiple TCP Sockets connections if the listen port is greater than 32,767.

·         Modbus Slave port will not work if it receives data before a poll from the Modbus Master.

·         Snetsave and Snetload CLI commands would not work through an HTTP Tunnel.

·         Modbus Serial Master would send exception messages when configured not to.

·         Would lose Ethernet connectivity after sending a large number of SNMP trap messages.

·         TACACS would not work if a ‘#’ character was used in the secret.

·         The internal modem would sometimes not answer an incoming call.

·         The Multihost feature would stop sending data to all the hosts if one of the hosts stopped responding.

·         The Vmodem feature would not parse the init string after an AT&F command.

·         The Serial Tunnel sometimes sent out extra characters after the DSR signal dropped.

·         The Clustering feature did not work if the second Ethernet port was connected and the first Ethernet port was not connected.

·         The break signal duration for Console Management was changed to 0.1 second from 1 second.

·         Secure ID authentication using a fully qualified domain name required the DNS server to be available when it first boots up.

·         SNMP trap messages for the IO units had the wrong value.

·         Static IPv6 addresses were lost if the Ethernet link went down.

·         The Vmodem feature would not parse the command line past the AT&F.

·         The Serial Tunnel could lose characters at slow baud rates when the RTS signal drops.

·         Very large fragmented messages over a SLIP connection could lose data.

·         PPP call-back with the internal modem did not work.

·         HTTP Tunnelling did not work if the host address was a fully qualified domain name.

·         The internal modem would only answer a call the first time.

·         Serial Tunnelling may lose the last character if the TCP connection drops quickly.

 

Version 4.1

Features

·         HTTP tunneling - Provides the ability to establish connections to serial and LAN devices sitting behind a firewall or NAT router.

·         SMTP authentication – For Email notification, added support for various authentication methods with the Email servers.

·         MSCHAP – Support for MS-CHAPv1 and MS-CHAPv2

·         Introduction of new SNMP MIBs which correct a number of compilation errors as well as introducing MIB entries for the SNMP traps. Pre release 4.1 MIBs are supported by this release and will function as they did on previous releases.

·         Microsoft Active Directory – Enhanced the LDAP feature to fully support Microsoft Active Directory.

·         RFC2217 – Additional control for the handling of “break” signals

·         Session strings – Ability to send configured text strings to an attached serial device on session start/end.

·         Port ID – Ability to send a “port ID” string to a LAN device upon connection to the serial device.

·         Enhanced EasyPortWeb – Ability to select between using a “Java app” or “Java script” when connecting to a serial device via a browser.

·         Default server name – The previous default of “localhost” has now been replaced with “mmm-xxxxxx” where mmm is the model of the unit (TS, SDS, STS, SCS) and xxxxxx are the last 6 digits of the MAC address of the unit. This more clearly identifies a non-configured unit when discovered by the Device Manager.

·         When using HTTPS to configure the Terminal Server, the user can now select a "reduced graphics" mode of operation. This greatly improves the time it takes to paint "complicated" screens.

·         This release introduces the ability for the user to provide their own custom landing page when pointing their browser to the Terminal Server.

·         This release introduces the ability for the user to supply a custom SNMP MIB for the Terminal Server. This MIB will co-exist with the standard Terminal Server MIB.

·         When logging invalid login attempts, the log entry will now include the IP address of the client attempting the invalid login.

Fixes

·         Corrected filter for TCP ports 2601, 2602 and 2603. Filter should only prevent connection attempts to these ports but was preventing any message with that source from reaching the TCP stack.

·         Vmodem did not work correctly if the dialed phone number included a space and the user configured the phone number to IP mapping with the space.

·         On a DHCP renew of a lease, the Terminal Server was not processing parameters such as DNS servers or gateways. Only the IP address information was being processed.

·         Corrected a “task prioritization” issue which affected performance under load conditions (especially in low latency mode of operation).

·         Can now SSH to a Fully Qualified Domain Name (as opposed to an IP address).

·         For desktop 1 and 2 port models, an issue has been addressed which caused EIA485 half duplex connections to sometimes not work reliably.

·         Corrected an issue with using "Internet Explorer" to configure a Terminal Server, specifically the "vmodem" phone table. If you opened/closed (repeatedly) the "vmodem" phone table, garbage entries would appear.

·         Fixed an issue which prevented the Terminal Server from issuing a subnet directed broadcast for the UDP service.

·         The probe for valid DNS servers was changed to send out IPv4 (not IPv6) requests when looking for an IPv4 DNS host.

·         Improved the Device Manager's ability to discover Terminal Server when running on the "Vista" operating system.

·         When the console port of a Terminal Server is configured for hardware flow control the unit will not complete the boot sequence unless a terminal is attached and powered on. Terminal no longer needs to be present for the unit to complete the boot.

·         Under some extreme throughput conditions, serial data received on the serial port would be held for a few seconds before being forwarded on the LAN. This delay has been removed.

·         If you edit a UDP profile, set the direction to "serial to LAN", you are unable to enter the port number.

·         The unit will now correctly flush all data from the serial port when instructed to do so by COMredirect.

 

 

Version 3.6

Features

·         Added GUI support for Microsoft Special Administration Console (SAC)

·         Added support for Radius attributes NAS-Port-Id, NAS-IP-Address, NAS-Port, Calling-Station-Id, NAS-Identifier, NAS-Port-Type, NAS-IPv6-Address, Framed_Route, Class, Login-IPv6-Host, Framed-IPv6-Route, Login-IP-Host, Connect-Info

·         Added the ability to save/load text based configuration files using WebManager or CLI.

·         Added the ability to provide a User defined Factory Default Configuration file

·         Added the ability to access EasyPort with an admin user

·         Added support for MOTD to be displayed on the WebManager login screen

·         Added support to display a “generic” WebManager login screen

Fixes

·         Hunt groups now work with COMredirect

·         Able to determine if a TCP Socket connection has an active TCP connection

·         Large file transfers in both directions using COMredirect would sometimes not complete

 

Version 3.5

Features

·         Added native VPN support for Microsoft XP using L2TP.

·         Added VPN exception configuration ability.

·         Added IPv6 support to many of the features in all Terminal Server models, including DHCPv6. Also added IPv6 router advertisement (Secure Device Server/Secure Terminal Server/Secure Console Server models only) capability.

·         Added the ability to configure IPv6 tunnels.

·         Added the ability to create routes/gateways through IPv6 tunnels, PPP-configured serial ports, and SLIP-configured serial ports.

·         Added data logging capabilities to the TCP Sockets and COMredirect profiles.

·         Added ability to determine how the "admin" user gets authenticated.

·         Enhanced the UDP Sockets profile configuration window to make it easier to configure.

·         Updated the TACACS+ and RADIUS dictionaries to control clustered port access.

Fixes

·         Serial ports will not close before the data is completely sent.

·         Multicast packets using UDP can now be sent successfully through routers.

·         The Terminal Server will now boot up successfully when the Hardware Speed and Duplex settings are set to a value other than Auto.

·         You can now send port buffering data to syslog without configuring an NFS server.

·         You can now manually enter multiple virtual modem (vmodem) commands separated by a space.

·         You can now set the S12 virtual modem (vmodem) register to 0 (zero) and actually get a delay of 0 (no delay).

·         Under certain conditions, the modbus gateway would not respond to future requests if a slave UID was non-responsive to the master gateway polling.

·         The Terminal Server now responds immediately when monitor DCD and DSR signals are dropped. Also, any pending data is forwarded when the DCD or DSR signal is dropped.

 

Version 3.4

Features

·         Added VPN capability using the IPsec protocol.

·         Added SNMP V3 user security options.

·         Enhanced the Port Buffering feature to allow keystroke logging and the ability to send port buffering data to syslog.

·         Users accessing the Terminal Server from the network can now enter a Telnet or SSH command (to connect to a host) after a successful login to the Terminal Server.

·         The number of times a user can attempt to login to the Terminal Server from the network is now governed by the Password Retry Limit parameter.

Fixes

·         The modem dial string now sends the prefix ATD (before it sent ATDT).

·         The documentation for the 1-port DB9 model has been corrected to indicate that line termination required J1 and J9 to be jumpered.

·         Data can now be obtained from active Modbus slaves when a Modbus slave on the serial line stops responding to being polled (Modbus TCP/IP to serial gateway).

·         When using serial tunnel client and server mode to connect the serial ports of two Terminal Servers, RTS will no longer go inactive before all the data has been sent on the output side even though the CTS signal was dropped after the data on the input side.

·         PPP now supports dial in/dial out and will automatically install a default gateway using the PPP connection.

·         SNMP now supports network addresses in the Host field to allow any SNMP manager residing on a network that matches the community to access the Terminal Server.

 

Version 3.3

Features

·         Improved the usability, design, and appearance of the WebManager and DeviceManager

·         Improved the likelihood that a serial application which was written to communicate to a directly attached serial device will operate correctly when connected to the serial device via a Black Box Terminal Server. This includes back to back server setups as well as COMredirect connections.

·         Improved the time it takes to re-establish connections after connection loss.

·         Ability for multiple hosts to access a single serial port via TCP has been added. This capability is available via the silent raw, reverse raw, and COMredirect service types.

·         New modes of operation have been added to customize behaviour on a line basis. The new modes are:

o    Minimize latency

o    Optimize network throughput

o    Prevent message fragmentation

o    Custom packet forwarding

·         Enhanced the ability of the DeviceManager to discover and manage units. This can now be done over routers as well as when the DeviceManager and Terminal Server are on the same physical network but are logically configured on different IP networks.

·         IP address assignments performed via the DeviceManager will no longer be temporary.

·         Added ability for customer to define their own "factory default" configuration.

·         Vmodem service type has been enhanced to provide additional modem functions. Also added the ability to define a phone table to IP address lookup for modem applications which can’t be easily modified to specify an IP address instead of a phone number.

·         Added support for local MOTD (Message Of The Day).

·         Improved the accuracy of the system clock.

·         Ability to enable/disable DHCP for each Ethernet interface.

·         Serial tunnel mode has been enhanced to provide a much better throughput.

·         When defining hosts, user can now specify an IP address or a Fully Qualified Domain Name.

·         Added support for Microsoft direct connect PPP, host and guest.

·         Ability to initiate LAN connections based on "any data" being received on the serial port or a specific character being received on the serial port.

·         Added ability to accept UDP messages on any UDP port (as opposed to a specific port).

·         Ability to configure when secondary authentication method will be used. (i.e. only if first authentication host is unreachable or always).

·         Added a visual indication on Desktop models to alert the user when the unit is operating in "console" mode (flashing green Power/Ready LED).

·         For SECURE DEVICE/CONSOLE/TERMINAL SERVER models, clustering has been added to allow users to access Terminal Servers through a Master Terminal Server.

·         EasyPort web has been added as a web browser access method to Terminal Servers in a cluster group and to Terminal Servers with Reverse Telnet or Reverse SSH ports using the supplied Java client.

·         Dynamic DNS with DynDNS.org support to automatically update DynDNS.org when the Terminal Server's IP address changes or to automatically update DynDNS.org when a PPP session is established.

·         For Secure Console Server models, LAN active standby, which will automatically reassign the IP address for Ethernet1 to Ethernet2 if Ethernet1 should stop responding.

·         Ability to access a port/line by either its configured name or IP address.

·         Ability to automatically update a network DNS server with a DHCP assigned IP address for the Terminal Server.

·         Added client-initiated functionality for COMredirect, allowing the COMredirect host to initiate a connection to the Terminal Server.

·         Added custom baud rates for COMredirect and the serial interface.

·         Added a system watchdog which allows the Terminal Server to automatically recover when a critical error condition is detected.

·         Added support for Modbus.

·         Added the Serial Tunnel Line Service to support RFC 2217.

·         Added TACACS+ support so that your TACACS+ server can now set user parameters on the Terminal Server.