CDRouter 2.6 Release Notes
Welcome to CDRouter version 2.6!
What's new since version 2.5:
Verification of NAT compatibility for Peer-to-Peer applications
--------------------------------------------------------------
* Several techniques for P2P communication across NAT are now being
used by file sharing services, on-line games, and other applications.
CDRouter 2.6 introduces new test cases to verify some of the
recommended NAT behaviors to allow P2P applications to communicate.
New test cases have been added to verify that the router preserves the
public src port for TCP and UDP connections that use the same private IP
and src port. This is often called Cone-NAT.
CDRouter 2.6 can also verify that the NAT implementation supports
hairpin media translation for internal connections on the LAN
for both TCP and UDP.
The new test cases work for all types of Cone NAT including Full
Cone NAT, Restricted Cone NAT, and Port Restricted Cone NAT.
To enable the new P2P NAT verification, the testvar natSupportsP2P
should be set to yes. If set to no, CDRouter will skip the P2P
related test cases.
Example:
testvar natSupportsP2P yes
The following test cases have been added:

TEST 67: NAT uses single binding for TCP session with same src IP and src port
  MODULE: nat.tcl
  NAME: cdrouter_nat_500

TEST 68: NAT uses single binding for UDP session with same src IP and src port
  MODULE: nat.tcl
  NAME: cdrouter_nat_501

TEST 69: NAT performs hairpin translation for LAN side TCP connections
  MODULE: nat.tcl
  NAME: cdrouter_nat_510

TEST 70: NAT performs hairpin translation for LAN side UDP connections
  MODULE: nat.tcl
  NAME: cdrouter_nat_511
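
The two behaviors these test cases check, single binding and hairpin translation, shown on a toy NAT model. This is an added example, not CDRouter's test code: the ToyNat class, its methods, the port pool and all addresses are constructed for illustration, and the hairpin check assumes the hairpinned packet should carry the sender's public mapping as its source.

```python
import itertools

class ToyNat:
    """Hypothetical NAT model. cone=True keeps one public port per private
    (IP, port); cone=False allocates a port per destination (symmetric)."""

    def __init__(self, wan_ip, cone=True, hairpin=True):
        self.wan_ip, self.cone, self.hairpin = wan_ip, cone, hairpin
        self.bindings = {}                      # binding key -> public port
        self.ports = itertools.count(40000)     # constructed port pool

    def outbound(self, proto, src, dst):
        """Translate a LAN-side packet; return its public (ip, port) source."""
        key = (proto, src) if self.cone else (proto, src, dst)
        if key not in self.bindings:
            self.bindings[key] = next(self.ports)
        return (self.wan_ip, self.bindings[key])

    def hairpin_deliver(self, proto, src, public_dst):
        """A LAN host sends to another LAN host's public mapping.
        Returns (translated_src, private_dst), or None if the NAT drops it."""
        if not self.hairpin:
            return None
        for key, port in list(self.bindings.items()):
            if key[0] == proto and (self.wan_ip, port) == public_dst:
                return (self.outbound(proto, src, public_dst), key[1])
        return None

def uses_single_binding(nat, proto):
    """Same private IP and src port towards two WAN peers: one public port?"""
    src = ("192.168.1.10", 5000)
    first = nat.outbound(proto, src, ("203.0.113.5", 80))
    second = nat.outbound(proto, src, ("203.0.113.9", 8080))
    return first == second

def hairpin_works(nat, proto):
    """Host B opens a mapping; host A then reaches B via B's public address."""
    b_priv = ("192.168.1.20", 6000)
    b_pub = nat.outbound(proto, b_priv, ("203.0.113.5", 80))
    result = nat.hairpin_deliver(proto, ("192.168.1.10", 5001), b_pub)
    # Delivered to B's private endpoint, with a public (translated) source.
    return (result is not None and result[1] == b_priv
            and result[0][0] == nat.wan_ip)
```

A symmetric NAT (cone=False) fails the single-binding check because each destination gets its own public port, which is the behavior that breaks the P2P techniques described above.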
NAT with simultaneous TCP open
------------------------------
* Test case cdrouter_firewall_301 has been updated to allow support of
simultaneous TCP opens from the WAN. If the NAT/firewall implementation
does support simultaneous TCP opens, the testvar natSimultaneousTcp should
be set to yes.
Example:
testvar natSimultaneousTcp yes
MSN ALG Testing Updates
-----------------------
* The MSN ALG application tests in the apps.tcl module have been updated
to include the XFR command and also simulate connecting to the MSN
dispatch server, MSN notification server, and the MSN switchboard
server. MSN uses three types of servers.
Dispatch server: This is the initial point of contact for the
MSN client that refers the client to a Notification server. This
server is normally located at messenger.hotmail.com port 1863.
Notification server: This is the main session server used for
login and logout, chat requests, etc.
Switchboard server: This is a server used for voice chat and
file transfers between users. Users are normally directed to this
server by the notification server using the XFR command.
The MSN ALG tests included in apps.tcl focus on the interactions between
the MSN client and the switchboard server. Some commands sent by the
MSN client include IP address and port information which must be adjusted
by NAT.
You can now configure the port number for the MSN notification server and
the MSN switchboard server. The default port number is still 1863 which
matches the port number used by MSN. The MSN dispatch server will issue
the XFR command using these configured port numbers.
If non-standard port numbers are used for the notification server and
switchboard server, the MSN ALG on the router must track the XFR command
from the dispatch and notification servers. The XFR command is used to
direct the MSN client to a different server and possibly a different
port number.
The following new testvars may be configured:
testvar msnNotificationServerPort 1863
testvar msnSwitchBoardServerPort 1863
The default value for both ports is 1863.
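
One way an ALG could follow XFR referrals to non-default ports, as an added example rather than CDRouter's or any router's code. The XFR reply layout noted in the comments, the XfrTracker class and the sample lines are assumptions; all addresses are constructed documentation addresses.

```python
import ipaddress
import re

# Assumed server reply layout (not taken from the release notes):
#   XFR <trid> NS <ip>:<port> ...             referral to a notification server
#   XFR <trid> SB <ip>:<port> CKI <cookie>    referral to a switchboard server
XFR_RE = re.compile(rb"^XFR (\d+) (NS|SB) (\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})(?: |$)")

# Constructed sample replies using the non-default ports 1864 and 1865.
SAMPLE_NS = b"XFR 3 NS 192.0.2.20:1864 0 192.0.2.10:1863\r\n"
SAMPLE_SB = b"XFR 15 SB 192.0.2.30:1865 CKI constructed-cookie\r\n"

def parse_xfr(line):
    """Return (kind, ip, port) for a well-formed XFR reply, else None."""
    m = XFR_RE.match(line.rstrip(b"\r\n"))
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group(3).decode())
    except ValueError:              # e.g. an octet above 255
        return None
    port = int(m.group(4))
    if not 1 <= port <= 65535:
        return None
    return (m.group(2).decode(), str(ip), port)

class XfrTracker:
    """Hypothetical ALG state: server endpoints the client was referred to."""

    def __init__(self, dispatch=("192.0.2.10", 1863)):
        self.expected = {dispatch}  # starts with the dispatch server only

    def server_line(self, src, line):
        """Feed one server-to-client line. A referral is honored only when it
        comes from a server that is already tracked."""
        ref = parse_xfr(line)
        if ref and src in self.expected:
            self.expected.add((ref[1], ref[2]))
        return ref

    def is_expected(self, dst):
        """True if dst is a server endpoint learned through the referral chain."""
        return dst in self.expected
```

Requiring each referral to come from an already tracked server keeps payload from an unrelated host from adding endpoints to the ALG's state.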
DynDNS testing with HTTPS
-------------------------
* CDRouter can now test DynDNS running over HTTPS. To enable the HTTPS
DynDNS server, set the testvar dynDnsTransport to https. The default
dynDnsTransport value is http.
Example:
testvar dynDnsTransport https
NOTE: CDRouter uses self-signed certificates included under
/usr/share/doc/cdrouter. Some DynDNS clients will not establish a TLS
session with CDRouter's built-in dyndns server since these clients are
unable to fully verify the server certificate.
In order to test dyndns over HTTPS, the same root CA used to generate
CDRouter's dyndns server certificate can be imported. This file is
/usr/share/doc/cdrouter/root.pem.
If possible, a second option is to disable the certificate verification
on the dyndns client.
GRE Window Size
---------------
* The default GRE window size for PPTP has been changed to 5000 packets
in this release. During some CDRouter tests, CDRouter may not send a
GRE acknowledgment until thousands of packets have been received from
the router. The new default value allows GRE implementations that
enforce GRE window sizes to work with CDRouter's GRE implementation
without configuring the testvar greReceiveWindow.
The GRE window size can still be changed using the greReceiveWindow
testvar.
Example:
testvar greReceiveWindow 5000
TFTP Client Update
------------------
* The built-in CDRouter TFTP client and server have been updated in this
release to switch to a new UDP server src port once the initial contact
has been established. Previously, the TFTP client always sent packets
to the server port 69.
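
The client side of the port switch described above, as an added example that is not CDRouter's TFTP code. The TftpReadSession class, the file name and the port numbers are constructed; the "Unknown transfer ID" reply for packets from any other source port follows RFC 1350.

```python
import struct

RRQ, DATA, ACK, ERROR = 1, 3, 4, 5
UNKNOWN_TID = 5   # RFC 1350 error code "Unknown transfer ID"

class TftpReadSession:
    """Hypothetical client state for one read transfer. The server's new
    source port (its transfer ID, TID) is learned from the first reply."""

    def __init__(self, filename, server_port=69):
        self.filename = filename
        self.request_port = server_port   # only the initial request goes here
        self.server_tid = None            # set once the server has answered
        self.next_block = 1
        self.data = b""

    def request(self):
        """Return (dst_port, packet) for the initial read request."""
        pkt = struct.pack("!H", RRQ) + self.filename.encode() + b"\0octet\0"
        return self.request_port, pkt

    def on_packet(self, src_port, pkt):
        """Handle one server packet; return (dst_port, reply) or None."""
        if len(pkt) < 4:
            return None
        if self.server_tid is None:
            self.server_tid = src_port    # latch the server's new source port
        elif src_port != self.server_tid:
            # Packet from another port: report it, keep the transfer alive.
            err = struct.pack("!HH", ERROR, UNKNOWN_TID)
            return src_port, err + b"Unknown transfer ID\0"
        opcode, block = struct.unpack("!HH", pkt[:4])
        if opcode != DATA or block != self.next_block:
            return None
        self.data += pkt[4:]
        self.next_block += 1
        # ACKs go to the latched TID, not to the port the request was sent to.
        return self.server_tid, struct.pack("!HH", ACK, block)
```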