UniFi OS - Dream Machines 3.2.5
https://community.ui.com/releases/UniFi-OS-Dream-Machines-3-2-5/bd5b3e5f-0459-41c4-b179-33120fa07b56
Overview
Bundled application
Improvements
- Added support for Shadow Mode. *
- Added support for Loop Protection. **
- Subscription-free UniFi Identity (Admins tab -> 'Users') ***
- Added support for DNS Shield.
- Added support hostname support for IPsev Site-to-Site VPNs.
- Added support for the InnerSpace applicaiton, this replaces the MAP option in the Console Settings.
- Added the console's IP address during setup on the touchscreen.
- Added max login attempts for SSH, you'll get blocked for 3 minutes if you entered the credentials incorrectly 5 times.
- Added DNS resiliency for firmware updates.
- Added fallbacks to default timezones if unsupported ones are provided during setup.
- Added DNS warnings for consoles that cannot resolve the ui.com domain.
- Re-enabled the VLAN Magic feature.
- Improved meshing stability when the consoles are restarting or upgrading.
- Improved system stability for the UDM by adjusting the fan table.
- Improved various screens on the Touchscreen.
- Improved UniFi OS Backup resiliency.
- Improved detection of failed disks, disks that cannot initializable will be marked as broken.
- Improved RADIUS stability.
- Improved WireGuard VPN Disconnection detection for mobile devices.
- Consoles will no longer erase external storage during a factory reset.
- Consoles will now always store backups locally before upgrading its firmware, it will auto-recover in case there is file system corruption after a power outage.
- Updated Suricata to 6.0.12.
- Updated the console reset button count down from 10 seconds to 5 seconds.
- Updated the UniFi Logo in the local portal.
- Updated integrated Access Point firmware to 6.6.38
- Reduced memory usage of Suspicious Acticity/Content Filtering/Ad Blocking.
- Reduced network downtime for firmware upgrades.
- Prevent super admins from deleting their own account.
* Shadow mode is a console redundancy feature.
ZitatSupported consoles: UDM-Pro / UDM-SE.
ZitatTo adopt a shadow console it needs to be the same model, have version 3.2.1 or newer installed, and the shadow console's WAN port needs to be plugged into the main console's LAN port.
ZitatWhen activated console will store configuration backups to the shadow console automatically.
ZitatIn case of main console fails, the customer can click to Activate takeover on the Device screen, replug the cables from the main to the shadow console and it will serve as the main console.
ZitatFuture versions will support also a way to configure automatic failover.
ZitatStatistics and data are not copied over the shadow console.
** Loop Protection disables a port if there is a loop detected, disabled ports need to be manually re-enabled. It does not depend on Spanning Tree and still disables ports when neighboring devices don't support STP.
*** UniFi Identity is the new on-premise UniFi user management system. It is a lightweight, single-site, unlimited-user, subscription free option delivering user access to doors, VPN, WiFi, and EV charging — all with a simple tap on the Identity mobile app for iOS and Android. Please note that previous UID options are now named UniFi Identity Enterprise.
Bugfixes
- Fixed an issue where servers are not reachable for VPN Clients due to incorrect certificates.
- Fixed unable to start RADIUS service in rare cases.
- Fixed night mode scheduling for the UDM's LED.
- Fixed incorrect WAN IP on the portal after remapping the WAN ports.
- Fixed an issue with DNS servers for VPN Clients.
- Fixed an issue where the default route wasn't present when having a Static IP on the WAN interface.
- Fixed an issue where IGMP Proxy breaks after PPPoE reconnections.
- Fixed an issue where Traffic Routes didn't take effect for existing connections.
- Fixed an issue where Traffic Routes conflict with Content Filtering.
- Fixed inability to see DPI statistics when a setup has a lot of clients.
- Fixed unexpected behavior when there are multiple Traffic Rules blocking the same domain.
- Fixed unable to establish IPsec Site-to-Site VPN in rare cases.
- Fixed an issue where jumbo frames are forwarded on LAN ports when jumbo frames is disabled.
- Fixed an issue where PPPoE MSS Clamping is lost during provisions.
- Fixed Suspicious Acticity not working when enabling Jumbo Frames.
Download links
