WiFi: Added compatibility options
To enable compatibility with a broader range of old and buggy wireless clients, the following additions were made:
- SSID settings: Ability to restrict authentication protocol when using a compatibility mode.
- SSID settings: Ability to restrict encryption cipher when using a compatibility mode. Please note that limiting to TKIP-RC4 will disable 802.11n support on all SSIDs broadcast in the same site, severely limiting wireless performance.
- SSID settings: Ability to announce draft EAPOL version when using a compatibility mode.
- 2.4 GHz Radio settings: Allow choosing 802.11b-compatible rates. This will decrease throughput on that radio and should only be used if very old clients must be supported.
Improvements around IP assignments of gateways, routing and inbound/outbound NAT
The way gateways are assigned internal IP addresses in zones has been changed to be more consistent with our network-centric configuration model. The gateway appliance detail view now has a tab that shows all internal and external IP addresses, but all IP configuration is now done in the Zone overview. Here are the changes in more detail:
- “Additional IPs” have been replaced with a general concept of “Gateway assignments” for Zones.
- Every gateway will now have DNS and NTP services enabled for all internal networks.
- DHCP server can now also be configured on a gateway which isn’t the default gateway for a zone.
- Every gateway in every site will now NAT every zone of the organization over its uplinks (unless NAT has been turned off for the gateway assignment).
- The “RouteVPN inbound NAT” option has been removed, and replaced with a general “Inbound NAT” option that can be set per gateway assignment.
- Routes are now configured on the target zone instead of on the source gateway. This makes them independent of gateways, and fits better with our network-centric model.
- An IP overview page has been added to the gateway appliance view. It shows all uplink and gateway assignment IPs for the appliance.
- ICMP policy is now a select box instead of 2 switch options.
- ICMP policy now defaults to “All enabled” for newly created zones.
- RouteVPN is now enabled by default for newly created zones.
- The “Automatic default gateway” has been disabled for additional IPv4 networks.
- IPv6 can now be turned off (and is turned off by default for new zones). This only turns off router advertisements; IPs will still be set if they are configured, so the change should not be intrusive for existing installations.
Smaller Additions, Improvements and Bugfixes
- Added manual configuration parameters for WiFi authentication, cipher and protocol versions
- Fixed DynZone feature in combination with portal usage
- Enable DynZone operation on “Open” SSID broadcasts
- Improve Uplink status display, introducing “in use” flag for backup uplinks
- Improved handling of RADIUS authentication over VPN
- Ports: Only show LLDP link partner if exactly one LLDP entry is reported
- New uplink type PPTP over PPPoA
- IPsec encryption switched to AES256-SHA512 with Brainpool Elliptic Curve Groups
- WiFi performance and stability improvements