qacafe - ip test solutions

CDRouter 2.2 Release Notes

Welcome to CDRouter version 2.2!

What's new since version 2.1:
-----------------------------

  Support for WPA-PSK and WPA-RADIUS
  ----------------------------------

  * In combination with Driverloader by Linuxant, this release of CDRouter
    now supports the use of WiFi Protected Access modes Pre-Shared Key and 
    RADIUS.  

    WPA-PSK (also known as WPA-Personal) Example:
   
      testvar wirelessAuthType WPA-PSK
      testvar wpaCipher        TKIP
      testvar wpaKey           qacafe123

    The testvar wpaKey may be either a 64-character hexadecimal string, or a
    passphrase that is 8-63 characters long.

    WPA-RADIUS Example:
  
      testvar wirelessAuthType WPA-RADIUS
      testvar wpaCipher        TKIP
      testvar lanUseEAPOL      yes
      testvar eapType          tls

    Note: When using WPA-RADIUS, the testvar wpaKey is not necessary. The
    correct key information is provided through the EAP conversation. EAP-MD5
    is not an acceptable EAP type for WPA-RADIUS since it generates no keying
    information. If you are using the CDRouter-provided RADIUS server
    (recommended), you must also configure the following options:
  
      testvar enableRADIUSserver yes
      testvar radiusSecret       qacafe123
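
    The wpaKey and WPA-RADIUS rules above, written as a pre-flight check
    (an added example, not part of CDRouter). The function names, the SSID
    argument and the "md5" spelling of the eapType value are assumptions.

```python
import hashlib
import shlex
import string

def parse_testvars(text):
    """Collect 'testvar NAME VALUE' lines into a dict (quotes are stripped)."""
    config = {}
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)
        if len(fields) == 3 and fields[0] == "testvar":
            config[fields[1]] = fields[2]
    return config

def wpa_key_to_pmk(wpa_key, ssid):
    """Return the 32-byte pairwise master key that a wpaKey value stands for."""
    if len(wpa_key) == 64:
        if not set(wpa_key) <= set(string.hexdigits):
            raise ValueError("a 64-character wpaKey must be hexadecimal")
        return bytes.fromhex(wpa_key)  # raw 256-bit key, used as-is
    if not 8 <= len(wpa_key) <= 63:
        raise ValueError("a passphrase must be 8-63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in wpa_key):  # IEEE 802.11i rule
        raise ValueError("a passphrase must be printable ASCII")
    # WPA passphrase mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations.
    return hashlib.pbkdf2_hmac("sha1", wpa_key.encode(), ssid.encode(), 4096, 32)

def lint_wireless(config, ssid):
    """Return a list of problems found in the WPA-related testvars."""
    problems = []
    auth = config.get("wirelessAuthType")
    if auth == "WPA-PSK":
        try:
            wpa_key_to_pmk(config.get("wpaKey", ""), ssid)
        except ValueError as err:
            problems.append(f"wpaKey: {err}")
    elif auth == "WPA-RADIUS":
        if config.get("eapType", "").lower() == "md5":  # value spelling assumed
            problems.append("eapType: EAP-MD5 generates no keying information")
        if config.get("enableRADIUSserver") == "yes" and "radiusSecret" not in config:
            problems.append("radiusSecret: required with the built-in RADIUS server")
    return problems

# Constructed sample: the WPA-PSK example above with the key cut to 7 characters.
SAMPLE = """
testvar wirelessAuthType WPA-PSK
testvar wpaCipher        TKIP
testvar wpaKey           qacafe1
"""
print(lint_wireless(parse_testvars(SAMPLE), ssid="lab-ssid"))
```

    The passphrase form depends on the SSID because the SSID is the PBKDF2
    salt; the 64-character hexadecimal form does not.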


  Port Scan Tests Improvements
  ----------------------------
  
  * The TCP and UDP port scan tests in the firewall.tcl module have
    been rewritten to offer improved performance and reporting. The
    port scan tests can now scan thousands of ports per minute. The
    test reporting now reports the following:

     - All open ports
     - All closed ports
     - All stealth ports
     - All ports leaking traffic to the LAN
     - Any virtual services

    The speed of the port scans can be slowed down using the testvar
    portScanDelay. This delay indicates the number of milliseconds to
    wait between sending scan probes. The default is 1 millisecond. 
    Some lower end routers may drop scan packets at this rate. The
    delay can be used to slow the sending rate.

    Example:

      testvar portScanDelay 1


    You may also configure a list of closed port exceptions for ports
    that the router has closed. For example, many routers
    allow port 113 (IDENT) to be configured closed. This can speed
    up interactions with some older mail servers. The closed ports
    are configured using the testvar firewallClosedPorts. This testvar
    takes a list of ports enclosed in double quotes.

    Example:

      testvar firewallClosedPorts "113 232"
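
    How a closed-port exception list changes the reading of scan results,
    as an added example (not CDRouter code). The reply-to-state mapping, the
    "everything else should be stealth" policy and the probe results are
    assumptions; leaking ports and virtual services are left out.

```python
import shlex

# Conventional meaning of a TCP SYN probe's outcome (assumed, not from the notes).
STATE_BY_REPLY = {"SYN-ACK": "open", "RST": "closed", None: "stealth"}

def closed_port_exceptions(config_line):
    """Parse 'testvar firewallClosedPorts "113 232"' into a set of port numbers."""
    fields = shlex.split(config_line)
    if len(fields) != 3 or fields[:2] != ["testvar", "firewallClosedPorts"]:
        raise ValueError('expected: testvar firewallClosedPorts "<ports>"')
    ports = {int(p) for p in fields[2].split()}
    if any(not 1 <= p <= 65535 for p in ports):
        raise ValueError("port numbers must be 1-65535")
    return ports

def review_scan(replies, exceptions):
    """Group scanned ports by state and list the ones that need attention.

    Assumed policy: with no virtual services configured, every WAN port should
    be stealth; closed is tolerated only for ports in the exception list.
    """
    report = {"open": [], "closed": [], "stealth": []}
    for port in sorted(replies):
        report[STATE_BY_REPLY[replies[port]]].append(port)
    findings = sorted(report["open"] +
                      [p for p in report["closed"] if p not in exceptions])
    return report, findings

# Constructed probe results: port -> reply seen on the WAN side (None = no reply).
REPLIES = {22: None, 80: "SYN-ACK", 113: "RST", 232: "RST", 443: "RST", 8080: None}
EXCEPTIONS = closed_port_exceptions('testvar firewallClosedPorts "113 232"')
REPORT, FINDINGS = review_scan(REPLIES, EXCEPTIONS)
print(REPORT, FINDINGS)
```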


    A new TCP/IP Fragmentation port scan test has also been added:

    TEST 97: Perform TCP fragmentation port scan test on routers public WAN IP address
    MODULE: firewall.tcl 
    NAME: cdrouter_firewall_110 


  Support for NETLINK Events on Wireless Interfaces
  -------------------------------------------------

  * CDRouter will now report some 802.11 management events on wireless LAN
    interfaces. When the wireless client associates or disassociates, log
    messages are now generated.

    Example:

    INFO(setup): 18:03:18| Waiting for wireless association on wlan0
    INFO(netlink): 18:03:19| Received NETLINK event: 802.11 Custom Driver Event
    INFO(netlink): 18:03:19| Received NETLINK event: 802.11 ASSOCIATE



  Support for MSCHAP and MSCHAPv2
  -------------------------------

  * PPP now supports MSCHAP and MSCHAPv2 as valid PPP authentication
    protocols. To enable MSCHAP or MSCHAPv2 on the WAN, set the testvar
    pppAuthType to "MSCHAP" or "MSCHAPv2". CDRouter will not negotiate the
    authentication protocol type. If you configure MSCHAP or MSCHAPv2 as the
    authentication type and the router tries to negotiate another PPP
    authentication type, PPP LCP negotiation will fail.

    MSCHAP Example:

      testvar pppAuthType MSCHAP

    MSCHAPv2 Example:

      testvar pppAuthType MSCHAPv2
    
    When the pppAuthType is set to MSCHAP or MSCHAPv2, CDRouter will use
    this as its PPP authentication protocol for all PPP sessions on the WAN.


  Built-in NTP Servers
  --------------------

  * This release of CDRouter can provide up to 2 NTP servers on the WAN
    interface. Each NTP server is enabled by configuring an IP address on
    the WAN side of the router for the NTP server. You may also define
    a hostname for the NTP server that will be automatically populated
    into each of CDRouter's DNS servers.

    Example NTP Configuration:

       testvar ntpServer1           3.3.3.6
       testvar ntpServerName1       time.nist.gov

       testvar ntpServer2           3.3.3.7
       testvar ntpServerName2       time.foo.com

    For CDRouter-Multiport, the NTP servers are reachable through any WAN
    interface and the DNS names are automatically configured in the DNS
    servers for each WAN interface.


  Receiving SMTP email
  --------------------

  * You may configure an SMTP server on the WAN interface to receive
    SMTP email from the router. Each email message that is received will
    be displayed in the test log when -trace mode is enabled. To enable
    the SMTP server, configure the testvar internalSmtpServer. The
    IP address of the SMTP server must be on a different network than the
    WAN or LAN addresses.

    Example Configuration:

       testvar internalSmtpServer  5.5.5.5



  New Application Test Cases
  --------------------------

  * 3 new application test cases have been added to the apps.tcl module
    to verify the end-to-end connectivity of SMTP, POP3, and TFTP.

    TEST 111: Verify SMTP session through the router
    MODULE: apps.tcl 
    NAME: cdrouter_app_120 

    TEST 112: Verify POP3 session through the router
    MODULE: apps.tcl 
    NAME: cdrouter_app_122 

    TEST 113: Verify TFTP session through the router
    MODULE: apps.tcl 
    NAME: cdrouter_app_124 


  New NAT Test Cases
  ------------------

  * 2 new NAT test cases have been added to the nat.tcl module.

    TEST 56: Verify NATP with outbound TCP connections using high and low src ports
    MODULE: nat.tcl 
    NAME: cdrouter_nat_130 

    TEST 57: Verify TCP source port can be reused after a passive close behind NAPT
    MODULE: nat.tcl 
    NAME: cdrouter_nat_150 


  New Filter Options for Trace Messages
  -------------------------------------

  * Buddy now allows you to filter out trace messages by protocol. You
    may use the -protocol option to list out all the supported protocols.

    Example:

      # buddy -protocols

    The -hide option will filter out trace messages for a specific protocol
    or list of protocols.

    Example:

       # buddy -trace -hide ARP,TCP

    The -show option will display protocol trace messages for those protocols
    only. All other protocol trace messages will be filtered.

    Example:

       # buddy -trace -show SMTP

    Protocol names are not case sensitive.


  * You may also display the protocol names for each trace message using
    the -include-proto option. When this option is used, CDRouter will
    include the protocol name for each trace message.

    Example:

       # buddy -include-proto

       INFO(wan): 12:29:50| ARP| Sending ARP Request for 4.3.2.1


  Port Trigger tests now support "both" keyword for public port type
  ------------------------------------------------------------------

  * The port trigger configuration now supports the "both" keyword
    for the triggerPublicType configuration. If the public port type
    is "both", CDRouter will verify incoming ports for both TCP and
    UDP connections. Previously, CDRouter required 2 port trigger
    entries to describe a port trigger that allowed both incoming TCP 
    and UDP traffic.

    To configure a port trigger to check for both incoming TCP and UDP
    connections, configure the testvar triggerPublicType to "both".

    Example Configuration:

       testvar triggerName1                  net2phone-1
       testvar triggerPort1                  6801
       testvar triggerType1                  udp
       testvar triggerPublic1                30000
       testvar triggerPublicType1            both


  ForwardUnknown configuration now supports Proxy Arp
  ---------------------------------------------------

  * The forwardUnknown port can now be configured with a proxy arp
    configuration. See traffic-tools.conf for an example configuration.


  Support for thread enabled Tcl versions
  ---------------------------------------

  * This version of CDRouter supports Tcl 8.4 built with the --enable-threads
    option. Previously, CDRouter would not run using a threads enabled
    Tcl binary.


Installation:
-------------

The following distribution contains binary packages for Debian and
Red Hat Linux. Source packages are also included. Before upgrading,
please read the Upgrades chapter from the user guide.

Red Hat Users:

  The Red Hat rpm packages for Red Hat versions from Red Hat 8.0 are 
  located in the "redhat" directory. 

  Install each Red Hat package using rpm:

  # rpm -ivh *.rpm

  Or if you are upgrading from a previous version of cdrouter or the
  demo version, we recommend removing the older version first. 

  (Delete full version)
  # rpm -e pktsrc buddy cdrouter
  # rpm -ivh *.rpm

  (Delete demo version)
  # rpm -e pktsrc buddy cdrouterdemo
  # rpm -ivh *.rpm

  (Now install the new rpm packages)
  # rpm -Uivh *.rpm


Debian Users:

  The Debian packages are located in the "debian" directory.
  Install each Debian package using dpkg:

  # dpkg -i *.deb