*****************************************************************
Air Marshal change history for all versions (Linux Platform)
*****************************************************************
Modified: 6/14/2009

Copyright (c) 2002-2009 IEA Software, Inc.
All rights reserved worldwide.

This file contains important, late-breaking information about changes made within Air Marshal. We recommend that you read this file and keep a printed copy with your Emerald documentation.

Tip: If necessary, choose Word Wrap from the Notepad Edit menu or Wrap To Window from the WordPad View/Options menu to wrap the text within the document window.

----------------------------------------------
CHANGES.TXT CONTENTS
----------------------------------------------
. KNOWN PROBLEMS
. RELEASE CHANGES

----------------------------------------------
KNOWN PROBLEMS
----------------------------------------------
* None at this time

----------------------------------------------
RELEASE CHANGES
----------------------------------------------

2.0.19 - Jun 14 2009
--
* Added anonymous authentication options to control where and when during the preauth stage it would be allowed to authenticate a session
* Added if preauth listeners have been enabled and preauth initialization fails try again periodically to initialize listeners

2.0.18 - Apr 2 2009
--
* Fixed password configuration dialogue should only appear on key not found or empty key error classes
* Fixed general menu config access IP settings applied to the entire interface rather than remain limited to the configuration server only
* Added allow Air Marshal to startup without the configuration server if the configuration server should fail to initialize

2.0.17 - Feb 20 2009
--
* Fixed when similar bandwidth limits are assigned to multiple users all users would share a common bandwidth pool rather than each having their own
* Fixed input and output byte counts should always be from the perspective of the access server

2.0.15 - Dec 24 2008
--
* Added allow subsequent SSL connections to choose different protocol versions and ciphers
* Fixed interpret Session-Timeout with a value of 0 as no seconds remaining rather than no time limit

2.0.14 - Nov 9 2008
--
* Added Pulse refresh advanced configuration option to better control usage status polling
* Fixed average realtime throughput in whos online list is improperly labeled as bits per second where data shown is bytes per second

2.0.12 - Aug 29 2008
--
* Added Framed-IP-Address RADIUS attribute option to enable association of an external IP with user's internal IP in NAT routing mode
* Added transparent http port local account and profile setting enabling transparent proxy server configuration for local accounts
* Added options restricting configuration interface access to authorized addresses
* Fixed when running in NAT routing mode established http connections may not be blocked right away when the session terminates
* Fixed intermittent SSL message authentication check failures can occur with high numbers of concurrent SSL connections

2.0.9 - May 22 2008
--
* Added 'support' debug flag to enable reliable logging of messages
* Added YYMMDD filename tokens for splitting portal log files on a daily, monthly and yearly basis
* Fixed AV possible when logging messages to the portal log file during periods of high message volume

2.0.8 - Apr 27 2008
--
* Added mac variable for making client mac address available to client web interface
* Added allow MAC preauth listeners to immediately reauthenticate sessions closed with the termination reason of lost service
* Fixed malformed web server post request may cause AV
* Fixed open connections to http ports by non http clients may prevent a successful controlled restart

2.0.5 - Feb 15 2008
--
* Added when the idle timeout attribute is used only the session status popup window is able to keep the user's session active in L2 and L3 session modes

2.0.4 - Dec 28 2007
--
* Fixed upload bandwidth restrictions may not be enforced
* Fixed POD disconnect listener may not listen for requests after clicking save changes to apply some configuration changes online

2.0.3 - Oct 17 2007
--
* Fixed when saving active configuration changes the system no longer attempts to reconfigure preauth listener ports if the listeners have already started
* Added enable automatic reboot should a hardware or driver related system error occur
* Added connection track modules are now loaded only when the NAT routing mode is enabled
* Added filter http connection reset errors
* Fixed custom POD disconnect port setting was ignored with the default POD port of 3799 used unconditionally
* Fixed assert error displayed when an accounting retry fails due to the selected UDP port not being available after a timeout of the first attempt

2.0.1 - Sep 14 2007
--
* Added allow transparent http proxy port configuration from anonymous access menu

2.0.0 - Aug 5 2007
--
* Fixed local session accounting log incorrectly records incoming and outgoing byte counts, term code and session state
* Fixed debug value set from the command line (-debug) was ignored with the configured debug level used in its place
* Fixed string AVPs decoded through the Tunnel-Password attribute may sometimes show incorrectly decoded values
* Fixed JavaScript error occurs when clicking the end session button in the tos UI status display
* Fixed increased default session linger period to better support authorization key
* Fixed Ascend binary data filters were not being properly enforced
* Fixed per session data usage counters are now able to aggregate byte and packet count usage across many filtering rules
* Fixed when starting portald from the command line it may on occasion return without starting the server

2.0.0.b.7 (BETA 2) - Aug 2 2007
--
* Added default interim accounting interval option to RADIUS Accounting menu
* Fixed RADIUS POD support should be available even while RADIUS authentication is disabled
* Fixed not all options requiring a restart were tagged with the '**' prefix
* Fixed sessions authorized anonymously had no username. Anonymous sessions should have the username of the client MAC
* Fixed local accounts with a set expiration date must limit their session-timeout so that the client can not maintain an active session after their expiration date has passed
* Fixed CHAP authentication was not being performed when the CHAP authentication method was chosen
* Fixed CHAP authentication was not supported for local accounts not authenticated via RADIUS
* Added while RADIUS authentication is not enabled the use of CHAP for local account authentication is forced
* Fixed when a commercial interrupt was not cleared before the client's session is closed the interrupted session's filtering rules remain in effect until Air Marshal is restarted
* Fixed corrected missing authentication method requirement validation checks
* Added General settings / server threads no longer considered an advanced option
* Fixed a startup configuration error occurs while using the layer 2 bridge network routing mode
* Fixed allow DHCP/DNS traffic while the bridge network routing mode is enabled
* Added cause popup blocker warning on default html UI to provide the opportunity for the status popup window to be seen
* Fixed server hangs when authenticating a local account which already has an established session
* Added support for external custom signaling via the FILTERAVP:extcmd (Framed-Filter=extcmd=x) RADIUS reply attribute
* Added support for directing HTTP traffic to transparent proxies running on the Air Marshal server via the RADIUS reply attribute AM-HTTP-Proxy-Port

2.0.0.b.1 (BETA 1) - July 26 2007
--
* Added support for server initiated RADIUS disconnect messages (RFC3576)
* Added preauthorization TCP/UDP listeners to authenticate non-interactive servers and clients such as Nintendo DS
* Added RADIUS, local account and anonymous preauthorization based on the end user's L2 MAC address
* Added multiple subnets and network interfaces can now be managed from a single Air Marshal installation
* Added walled garden configuration interface
* Added unmonitored Layer 3 IP exception listing
* Added bandwidth management in bps for upload and download traffic via WISPr RADIUS VSAs, local and anonymous accounts
* Added commercial interrupt timer allows commercial messages to be displayed in the browser and acknowledged at configurable intervals
* Added WISPr VSA support (Location-Name, Location-ID, Redirect-URL, Bandwidth-Max-Up, Bandwidth-Max-Down, Session-I/O)
* Added L2 bridging mode allowing Air Marshal to control network access without IP level configuration
* Added aliasing improvements to enable configuration of DNS named shortcuts to access account status
* Added anonymous access option with daily time and data usage limits. Feature can also be used to bypass RADIUS authentication in emergencies
* Added informational messages can be passed to the Air Marshal local whos online listing by sending whomsg=mymessage in the RADIUS access accept
* Added expanded online reconfiguration to allow configuration changes to most settings without having to restart
* Added option to restart Air Marshal from the admin web interface
* Added improved administrative UI with new layout, menu features and server status information
* Added local account management allowing administrators the ability to quickly configure local accounts without RADIUS
* Added support for the Acct-Interim-Interval RADIUS attribute to enable periodic interim accounting updates
* Added limited Ascend data filters are now supported for RADIUS authenticated sessions allowing network access filtering on a per-user basis
* Added client data mirroring enables all of a client's data traffic to be mirrored to a remote host for diagnostic or intercept for sessions authenticated via RADIUS (mirror=x.x.x.x:port)
* Added support for the use of Tunnel-Password to send encrypted AVP commands to Air Marshal
* Added optional client DNS server settings to further lock down DNS access to specific servers before authentication
* Added ability to operate without a RADIUS server using anonymous access, local accounts and a local accounting log file
* Added improved support for large numbers of concurrent clients
* Added auth keys forcing clients to first view and accept TOS or advertising before they are able to login
* Added allow up to five concurrent connections without a license key
* Added alternate client login interfaces
* Added client login interfaces now support an account status popup box with disconnect option
* Added var1 and var2 variables for passing data between ptl files
* Added changed no-cache to no-store to prevent stale data from being displayed in some browsers
* Added option to disable enforcement of Ascend-Data-Filter VSAs for RADIUS authenticated sessions

1.0.22 - May 22 2006
--
* Added send accounting interim update on successful re-authorization

1.0.21 - March 14 2006
--
* Added session re-authorization via Termination-Action RADIUS attribute

1.0.20 - May 12 2005
--
* Added licensing updates

1.0.19 - Mar 16 2005
--
* Added additional attributes are now sent with RADIUS access requests (Acct-Session-ID,NAS-IP,NAS-ID,NAS-Port,Framed-Address)

1.0.18 - Nov 22 2004
--
* Fixed RADIUS requests may sometimes wait indefinitely for a response
* Fixed rare 'ses->state...' assert message if a user attempts to concurrently logon and logout
* Fixed limit concurrent access to Linux session start and stop scripts as workaround to iptables 'resource temporarily unavailable' bug
* Fixed intermittent RADIUS authentication and accounting request timeouts while using a setting of more than 30 'server threads'

1.0.16 - Oct 12 2004
--
* Added routed mode session timeouts are now based upon amount of incoming data from clients
* Added additional connection timeout checking for HTTP(S) requests
* Fixed AV while processing accounting information
* Added additional usage info debug messages while using IPTables

1.0.15 - Sep 30 2004
--
* Added session variables are now accessible from '.ptl' files
* Fixed cases where the wrong MAC address is displayed in RADIUS accounting and whos online listing
* Added RADIUS accounting status information to debug messages
* Fixed DOS handling for HTTP and HTTPS sessions

1.0.11 - Jan 28 2004
--
* Added support for sending client's MAC as Calling-Station-ID attribute in the RADIUS authentication request

10.0.10 - Nov 22 2003
--
* Added support for Emerald license keys. An Emerald license enables a two session concurrent login limit

1.0.9 - Sep 18 2003
--
* Fixed server won't start if it's not configured

1.0.8 - Sep 12 2003
--
* Added support for RADIUS Accounting-On and Accounting-Off startup/shutdown messages
* Added support for 'htmlack' filter attribute to specify an alternate html interface after authentication

1.0.7 - Aug 8 2003
--
* Fixed configuring 'Server URL' should be required
* Fixed a problem with stuck accounting records on some versions of Linux

1.0.6 - Jul 28 2003
--
* Added support for IPTables. Use of IPChains or IPTables is auto-selected

1.0.5 - Jul 7 2003
--
* Added updated default Linux session script to unload iptables and load the ipchains kernel modules to work around a known problem with some popular Linux distributions
* Fixed a problem that may cause sessions to incorrectly terminate if a user views their account status while the admin interface is in active use

1.0.4 - Mar 24 2003
--
* Fixed Win32 ARP timeouts would cause end of session with reason 'Port Preempted'

1.0.3 - Mar 7 2003
--
* Added initial support for the Windows platform
* Fixed admin images would not load if there is a configuration problem