When finished, the system will reboot automatically. Please do not reboot manually.
Update of the Linux kernel
SSH server keys
So far we used installation packages based on Microsoft's CMAK, which are still using SHA1. We now offer our own, Powershell
based solution. Besides using SHA2 it has the following advantages:
- Configuration of additional routes in split tunnel configurations
- Possibility to install multiple connections to different destinations
In contrast to CMAK it is now possible to configure the parameters of an installed connection afterwards.
While we still provide CMAK based profiles, we recommend to migrate to our new solution over time.
Both types of installation package now allow setting the Windows registry key required when the VPN server is located behind
a NAT router.
SSH server keys
The RSA and ed25519 keys used by the SSH server are now available in the keyring menu, so you can now save or restore a backup
of the keys or generate a new key.
It is now possible to grant management access to your device for your reseller or, when operating multiple devices, for a
central device. Initially it is possible to retrieve some very basic information, open connections to technical support, trigger
an update and access the administration interface.
The corresponding menu on the central device has been renamed from "Remote devices" to "Management server".
Truncated ping replies
In release 7.1-3.0 the tool ping has been updated. The new version however ignores truncated ping replies. As a consequence,
devices testing the availability of the Google nameservers and no more than one other Internet IP for fallback purposes switched
into fallback mode, as the Google nameservers answer large ping packets with a truncated reply packet.
Graphical firewall statistics
Since 7.1-3.0 the statistics were no longer updated.
Problems resolving DNS names
In particular after a reboot, name resolution errors occured for certain DNS names on systems resolving via the root nameservers.
Accepted IPs in SNMP server
The list of IPs which is allowed to connect to the SNMP server is now configurable.
Static passwords in Web Client
You can now configure the password of the destination system in each Web Client connection, so the user has to authenticate
at the Web Client only. In general we do not recommend to enter a static password, however it may be useful e.g. to temporarily
grant privileged access for an external service provider to an internal system without having to change or disclose its password.
Changes in model "Praxis-Wächter"
The IP object with the network required for issueing digital vaccination certificate via connector VPN has been added.
You may now select ipsec interfaces as connector interface.