• [Radio] Add Boot Noise Measurment at board startup.
• [Hardware] Add support for CPU thermal sensors.
• [Network] Add script to get modem information
• [Network] Add two network monitoring systems
• [Network] Add network tools into the firmware: ip and ss from iproute2.

• [Upgrade] Improved error handling during upgrades.
• [Upgrade] Re-installation of a package now possible.
• [Network] Allow modification of connman connectivity check URL.
• [Firewall] ICMP incoming traffic is now accepted by default.
• [Firewall] The same firewall rules as IPV4 are applied to IPV6.
• [Firewall] Firewall rules are now in user-editable files.
• [System] Add remote syslog functionnality.

• [Firewall] No more delay for pings when activating/deactivating the firewall.
• [Firewall] Firewall will now reject packet instead of dropping them.
• [Network] Fix error message when there is no SIM into the GSM module.
• [Network] Fix OpenVPN TLS client error when run with option.
• [Network] Fix certificate issue while setting up a VPN.
• [Network] Board will not get stuck while upgrading with an openvpn package.
• [Network] Connman now detect cellular roaming services correctly and can auto connect to this services.
• [GPS] Command restart for kgpsd is now working properly.
• [System] Fix option -l on store-config tool.
• [System] Syslog trace will no longer be truncated if they are longer than 230 characters.
• [System] Display all frontends information in /tmp/board_info.json
• [System] Correct cases of wrong value of loraboard_type in /tmp/board_info.json.

• [Network] No hardware modems reboot on Dual WAN module with networkmonitoring.py
• [Network] ifupdown should handle IPv4 configuration
• [System] Rarely, /tmp/board_info.json is not created at boot
• [LoRa] Some stability issue on radio scanning fonctionnality

This release removes the automatic acceptance of incoming packets which are analyzed by the kernel as belonging to the same (or some related) flow. This “stateful” behavior was provided by the “state” module (subset of “conntrack”), and must now be explicitly specified in your firewall rules if you specifically want it. Be aware that stateful filtering can cause hard-to-debug behaviors for network services. For your information, the removed rule was:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Note also that all ICMP incoming traffic is now accepted, and all outgoing traffic for any protocol is also accepted by default. These rules also apply for IPv6, which now benefits from the same filtering rules as IPv4.

Also, note that the firewall now has rejection rules at the end of the INPUT and OUTPUT chains, to properly disallow non-matching trafic. This implies that new rules 'appendend to the chain' will never be matched; if you want to add new rules, either make sure to add them to a file in /etc/firewall.d/, or if you add them in your application, 'prepend' them to the chain by using “-I” (insert) instead of “-A” (append).

If some rules were already applied on your gateway (example: packet forwarder firewall rules), make sure that the rules are correctly saved in a file under the /user/rootfs_rw/etc/firewall.d directory before doing the upgrade. The procedure to save firewall rules, on firmware version v3.1.x, is described is the dedicated section.

If a system configuration file (for example fileX) has been customized in version N, it will be kept in version N+1. In addition a new file named fileX.opkg is created during the upgrade.

Some of the system configuration files have changed from 3.1.16 to 3.3.3. Those files are:

• /user/rootfs_rw/etc/network/connman/main.conf
• /user/rootfs_rw/etc/syslog.conf.busybox

If one of those 2 configuration files has been customized in previous version. After the upgarde you will have to manually merge the fileX and filesX.opkg files to get a full working version.

To know if you must merge configuration files consult the upgrade result file /.update/update.log.

Example:

root@klk-lpbs-04018B:/user/rootfs_rw/etc # cat /.update/update.log 
Installing spf2 (5.1.0-klk2_5.1.0-klk1) on root.
Configuring spf2.
2018.02.19-13:39:08 -- Update from spf2_5.1.0-klk2_5.1.0-klk1_klk_lpbs.ipk: OK
Backuping spf2.ipk...
-> Updating u-boot ...
Upgrading keros from 3.1.16-0-gfd3610aa to 3.3.3-0-g6e100f4f on root.
Removing obsolete file /user/rootfs_rw/etc/monit.d/netctl.
Not deleting modified conffile /user/rootfs_rw/etc/monit.d/netctl.
Existing conffile /user/rootfs_rw/etc/network/connman/main.conf is different from the conffile in the new package. The new conffile will be placed at /user/rootfs_rw/etc/network/connman/main.conf-opkg.
Existing conffile /user/rootfs_rw/etc/syslog.conf.busybox is different from the conffile in the new package. The new conffile will be placed at /user/rootfs_rw/etc/syslog.conf.busybox-opkg.
Existing conffile /user/rootfs_rw/etc/shadow is different from the conffile in the new package. The new conffile will be placed at /user/rootfs_rw/etc/shadow-opkg.
Configuring keros.
2018.02.19-13:45:45 -- Update from keros_3.3.3_klk-lpbs.ipk: OK
root@klk-lpbs-04018B:/user/rootfs_rw/etc # 

root@klk-lpbs-04018B:/user/rootfs_rw/etc # cat /user/rootfs_rw/etc/syslog.conf.busybox
#  /etc/syslog.conf     Configuration file for busybox's syslogd utility
#
cron.*     /var/log/cron.log
local0.*   /user/snmp/traces/snmp.log
local1.*    /user/spf2/var/log/spf2.log

root@klk-lpbs-04018B:/user/rootfs_rw/etc # cat /user/rootfs_rw/etc/syslog.conf.busybox-opkg 
#  /etc/syslog.conf     Configuration file for busybox's syslogd utility
#
cron.*     /var/log/cron.log
local0.*   /user/snmp/traces/snmp.log
local2.*   /var/log/networkmonitoring.log
root@klk-lpbs-04018B:/user/rootfs_rw/etc # 

root@klk-lpbs-04018B:/user/rootfs_rw/etc # echo "local2.*   /var/log/networkmonitoring.log" >> syslog.conf.busybox
root@klk-lpbs-04018B:/user/rootfs_rw/etc # cat syslog.conf.busybox
#  /etc/syslog.conf     Configuration file for busybox's syslogd utility
#
cron.*     /var/log/cron.log
local0.*   /user/snmp/traces/snmp.log
local1.*        /user/spf2/var/log/spf2.log
local2.*   /var/log/networkmonitoring.log

root@klk-lpbs-04018B:/user/rootfs_rw/etc/network/connman # ll
drwxr-xr-x    3 root     root        4.0K Feb 19 13:45 .
drwxr-xr-x    6 root     root        4.0K Feb 19 13:45 ..
drwx------    2 root     root        4.0K Feb 19 15:04 ethernet_7076ff0101d0_cable
-rw-rw----    1 root     www-data     105 Jan 25 17:12 lan.config
-rw-r--r--    1 root     root        4.3K Feb 19 13:35 main.conf
-rw-r--r--    1 root     root        6.5K Jan 25 17:12 main.conf-opkg
-rw-r--r--    1 root     root         182 Jan 25 17:12 settings
-rw-rw----    1 root     www-data     147 Jan 25 17:12 wlan.config
root@klk-lpbs-04018B:/user/rootfs_rw/etc/network/connman # 

• Fully compatible with Wirnet™ iBTS ATc03 architecture and above.
• Partially compatible with Wirnet™ iBTS ATa01 and ATb02 architecture (issue with reset Button).

• Compatible with Wirnet™ iBTS products with Kerlink Production fuses or without any fuses flashed.
• Simple update (keros.ipk) incompatible with 1.x or 2.x firmwares → Use of liveburner packages is MANDATORY
• ProvenCore firmware and utilities (uploader) changed as of v3.1.0, and files to be uploaded to the ProvenCore have to be processed by “pnrcipher” before uploading.

KerOS IPK : keros_3.3.3_klk-lpbs.ipk md5: 17bf29777b89ec05f6dfca84a305f830
Liveburner IPK : liveburner_3.3.3_klk-lpbs.ipk md5: c3917b96e9da11aee67e8c754a2029b3