Known Issues: ~~~~~~~~~~~~~ - If a remote authentication server is configured, but it is down, there may be a delay or a failure in authenticating local users via the web UI. Fixes and Features by Version: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 5.1.1 (December, 2017) The following endpoint namespaces have been modified in v1.1 of the REST API, so v1 has been deprecated and will no longer be updated. As the endpoint's functionality has changed, there may be changes required to user programs utilising the REST API. Refer to the REST API documentation for v1.1 for example request/response bodies. Deprecated endpoints: /v1/nodes /v1/system /v1/auth /v1/bundles /v1/users /v1/groups /v1/templates In general, prefer the latest version of the REST API (v1.1) in your own programs as this ensures the latest functionality is available. New features in this release: - (Breaking change) AAA groups are now case-sensitive when mapping to local group authorization. This will only effect AAA groups that use capital letters. - Change node names to be automatically synchronized to console server's hostname (needs CS firmware 4.1.1) - Add support for pushing templated bash scripts to nodes (needs CS firmware 4.1.1) - Add support for configuring a CLI session expiry - Add Smart Group support to node-command and associated tools - Improve performance of our REST API - Improve usability of our Console Port Access page - Add more examples to our REST API documentation - Add ability for AAA-users to be defined locally without password - Allow local user group names to contain more special characters - Add netgrp user group that will contain all AAA users, allows for default permissions for AAA users - Default netgrp permissions to Lighthouse Admin - Add support for templates to be associated with bundles for automatic configuration application on enrollment - Add information about current user to top bar in UI - Add vmxnet3 driver for better VMWare virtualization support - Add reporting about configuration template push status to node details - Change default Lighthouse VPN MTU to be 1400 - Add ability to change the MTU for the Lighthouse VPN - Add REST API endpoint to expose current firmware and API versions - Add better node status reporting in the UI - Update our HTTPS ciphers and protocols to comply with Mozilla Server Side TLS Recommended guidelines - Add command line support for scheduling cron jobs - Defects fixed since 5.1.0: -- Fix assorted authorization issues -- Fix issues caused when date is set to the past -- Fix failing configuration synchronizations causing enrollment to fail -- Fix inconsistencies in node terminology in the UI -- Fix crashes in ogconfig-cli -- Fix excess incorrect failure messages in syslog during successful enrollment -- Fix syslog error messages during unenrollment of 3rd party console servers -- Fix rare issue where the preflight check would list no nodes -- Fix browser window title incorrectly persisting after leaving console gateway page -- Fix ability to disable the root user -- Fix incorrect pmshell error message when no nodes selected -- Fix system details popover incorrectly sticking on screen -- Fix TACACS authentication hang when duplicate remote groups were discovered -- Fix ability for console servers with _ in hostnames to be enrolled -- Fix TTY parsing for Cisco 2900 3rd party console servers -- Fix incorrect usage information for node-upgrade -- Fix issue where long-lived LH5 instances would stop responding to REST API requests -- Fix TACACS Login authentication -- Fix Web Terminal copy and paste issues -- Fix rare configuration retrieval failing on node descriptions -- Fix configuration template pushes that raise errors never being marked as complete -- Fix remote AAA Lighthouse Admin users being unable to delete templates -- Fix Web UI Proxy when LH5 is being an external DNAT rule -- Fix user UID conflicts after switching from remote to local authentication schemes -- Fix memory leaks in configuration backend -- Fix memory leaks in our REST API -- Fix the disable multiple button not working on the Users page -- Fix left side bar inconsistencies -- Fix missing error messages when trying to add 3rd party nodes with more than 400 serial ports -- Fix enrollment breaking when secure HTTPS ciphers are configured on the console server -- Fix enrollment failures if remote node has portshare password set -- Remove autorefresh on Preflight and Template push pages 5.1.0 (August, 2017): This introduces many new features on Lighthouse 5.0.0 and resolves bugs raised from the beta. - (Breaking change) The Lighthouse OpenVPN connection now runs on UDP. This means Lighthouse 5.1.0 is only compatible with Opengear Console Servers version 4.1.0+. - Add functionality for pushing configuration templates to groups of Opengear devices. Currently supported are Group and AAA templates. - Add node-upgrade command line utility. - Add system upgrade to the web UI. Users are able to upload a new system image or provide a URL where the file is hosted. - Add license restrictions to the Lighthouse. Without a license, the Lighthouse is in evaluation mode with a limit of 5 enrolled nodes. Users can purchase licenses that increase that limit and give access to enrol third party devices. - Add automated migration for configuration when upgrading to new Lighthouse versions. - Add support for specifying multiple endpoints to access a Lighthouse device (from an Opengear Console Server) and custom ports on the Lighthouse that will listen for incoming requests. - Add device support for non-Opengear devices (known as third party devices) with native configuration support for: -- Avocent ACS 6000 & 8000 -- Avocent Classic -- Cisco ISR2921 - Add Console Gateway page with responsive searches over devices' serial ports - Improved pmshell command line utility. - Improved the config cli for manipulating Lighthouse configuration (ogconfig-cli). - Improved the speed and stability of the configuration server and REST API. - Improved the Web UI for usability. - Improved configuration validation and feedback to client. - Improved RAML documentation for the REST API. - Defects fixed from 5.0.0b0 release: -- Users are redirected correctly after logging in. -- Fixed some stty issues around remote CLI sessions. -- Improved feedback when user attempts to access commands without suitable permissions. -- Free text search with multiple terms -- SSH custom delimeter parsing -- Disabling an interface could cause other interfaces to go down -- Group names can now contain a dash -- Console Gateway conventions are now adhered to for specifying username and port labels -- Improved shutdown & restart times -- Fixed enrollment of Console Servers with ports in Serial Bridging and Terminal Server mode -- Hostname and system time will now change in syslog when the system is updated -- A user's home directory will now be deleted when the user is deleted -- REST requests proxied via the Lighthouse to the Console Server will now be forwarded correctly by the Lighthouse -- Fixed an enrolment failing to complete if a node was approved too early in the registration stage. A node can now be approved at any point without breaking the enrollment. 5.0.0 (April, 2017): This is a ground up rewrite of Lighthouse. New features include: - Add modern HTML5 Web UI - Add streamlined user and groups mechanisms - Add secure OpenVPN connections to remote nodes - Add REST API for external integration and control of LH5 - Add HTML5 local web terminal - Add HTML5 Console Gateway terminals - Add 'Smart Groups', a way to group managed nodes through saved searches over their configuration and associated searchable tags - Add support for searchable tags to be added to managed nodes - Add a quick search bar at the top of every UI page that lists managed nodes - Add initial and on-going synchronization of node serial port configuration, avoiding the need to 'Retrieve Managed Devices' - Add streamlined enrollment methods via DHCP ZTP, USB, or Web UI - Add consistently validated configuration backend - Add tab-completable config cli