Sunteți pe pagina 1din 12

Release Notes

Release Notes Aruba VIA 2.0.1.0 Mac® Edition
Release Notes Aruba VIA 2.0.1.0 Mac® Edition

Aruba VIA 2.0.1.0

Mac® Edition

Release Notes Aruba VIA 2.0.1.0 Mac® Edition

Copyright

Copyright © 2014 Aruba Networks, Inc. Aruba Networks trademarks include Aruba Wireless Networks ® , the

© 2014 Aruba Networks, Inc. Aruba Networks trademarks include

Aruba Wireless Networks ® , the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System ® , Mobile Edge Architecture ® , People Move. Networks Must Follow ® , RFProtect ® , Green Island ® . All rights reserved. All other trademarks are the property of their respective owners.

Open Source Code

Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. Includes software from Litech Systems Design. The IF-MAP client library copyright 2011 Infoblox, Inc. All rights reserved. This product includes software developed by Lars Fenneberg et al. The Open Source code used can be found at http://www.arubanetworks.com/open_source.

Legal Notice

The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors.

Warranty

This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information, refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS.

Altering this device (such as painting it) voids the warranty.

, Aruba Networks ® ,

Contents

Contents

 

3

Release Overview

 

5

About VIA

 

5

Contacting Support

 

5

What’s New in This Release

 

6

New Platform Support

 

6

Fixed Issues

6

Mac

6

Features Added in Previous Releases

7

Support for Suite-B

 

7

Split Tunnel

 

7

Support

for Certificate-based Authentication

7

Support

for IKEv2

 

7

Support

for OTP

7

Authentication Profile Selection in VIA

 

8

System Extra Menu

 

8

Send UDID to Controller

 

8

Issues Fixed in Previous Releases

 

9

Issues Fixed in VIA 2.0.0.2

 

9

MacOS

 

9

Issues Fixed in VIA 2.0.0.1

 

9

VPN Connectivity

 

9

Issues Fixed in VIA 2.0

 

10

Installer-VIA

 

10

Known Issues

 

11

MacOS

 

11

Chapter 2 Release Overview Aruba VIA 2.0.1.0 is a software patch release that introduces fixes

Chapter 2 Release Overview

Aruba VIA 2.0.1.0 is a software patch release that introduces fixes to the issues detected in the previous releases of Aruba VIA Mac® Edition.

For more information on features described in the following sections, see the latest VIA Mac Edition User Guide.

About VIA

Virtual Intranet Access (VIA) is part of the Aruba remote networks solution targeted for teleworkers and mobile users. VIA detects the users network environment (trusted and untrusted) and automatically connects the user to their enterprise network. Trusted network typically refers to a protected office network that allows users to directly access corporate intranet. Untrusted networks are public Wi-Fi hotspots such as airports, cafes, or home network. The VIA solution comes in two parts— VIA connection manager and the controller configuration.

Contacting Support

Table 1: Contact Information

Main Site

Support Site

Airheads Social Forums and Knowledge Base

North American Telephone

1-800-943-4526 (Toll Free)

1-408-754-1200

International Telephone

Software Licensing Site

End of Life Support Information

Wireless Security Incident Response Team (WSIRT)

Support Email Addresses

Americas and APAC

EMEA

Wireless Security Incident Response Team (WSIRT)

Chapter 1 What’s New in This Release New Platform Support From current release onwards Aruba

Chapter 1 What’s New in This Release

New Platform Support

From current release onwards Aruba VIA is supported on Mac OS X 10.9 (Mavericks) platform.

Fixed Issues

The following issues are resolved in Aruba VIA 2.0.1.0:

Mac

Table 2: Mac - Fixed Issues

Bug ID

Description

22950

Symptom: The Mac VIA log structure was complex and the user was unable to read it. This issue is resolved by simplifying the logs. Scenario: This issue was observed is systems running Mac version 10.9 with VIA 2.0.0.2.

22952

Symptom: VPN plugin crashed if unicode language characters were used in the username/pasword. This issue is resolved by providing VPN plugin support for unicode language characters. Scenario: This issue was observed in systems running Mac version 10.8 and 10.9 with VIA 2.0.0.2.

22960

Symptom: When a user installed VIA the Unidentified Error message was displayed. This issue is resolved by making code level changes to the VIA installer and VIA app to override the warning message. Scenario: This issue was observed in systems running Mac version 10.8 and 10.9 with VIA 2.0.0.2.

22961

Symptom: Users found it difficult to update Access Control List (ACL) for certificates already present in the keychain. This issue is resolved by adding a shortcut for the VPN agent and a home folder to enable users to easily update the ACL for certificates. Scenario: This issue was observed in systems running Mac version 10.8 and 10.9 with VIA 2.0.0.2.

77215

Symptom: Mac VIA 2.0 edition did not support SSL fallback option with IKeV1 communication. This issue is fixed in the latest release of Mac VIA 2.0 edition that supports SSL fallback functionality. Scenario: This issue was observed in Mac VIA 2.0 edition. The client did not support SSL fallback option with IKeV1 communication. This issue was not limited to any specific controller model and occurred on controllers running ArubaOS 6.2 and 6.1.3.4.

Chapter 2 Features Added in Previous Releases

The following new features have been introduced in the VIA 2.0 Mac Edition:

Support for Suite-B

Suite B is a new set of cryptographic algorithms that are approved by the US Government for use in classified communication. Suite B provides the highest levels of security available today in public and commercial algorithms.

To enable Suite B connectivity, VIA has been enhanced to support RFC 4869 (Suite B Cryptographic Suites for IPsec.)

Additionally, VIA provides support for:

l

RFC 5246 and RFC 5430 — Extensible Authentication Protocol (EAP) offload with TLS v1.2

l

AES-GCM 128/256 for bulk data transfer

l

ECDSA for digital signatures, including support for X.509v3 certificates using ECDSA keys with p256/ p384 curves

l

ECDH for key agreement using p256/p384 curves

l

SHA-256 and SHA-384 for message digests

curves l SHA-256 and SHA-384 for message digests Suite B support requires a controller running ArubaOS

Suite B support requires a controller running ArubaOS 6.1 or greater with the Advanced Cryptography License. See the Software Licenses chapter in the latest ArubaOS user guide for more information.

Split Tunnel

With this option, all traffic to the VIA tunneled networks goes through the controller and the rest is bridged directly on the client.

Support for Certificate-based Authentication

Provides support for certificate-based authentication such as RSA and EC. The IKEv1 supports only RSA whereas IKEv2 supports both RSA and EC.

Support for IKEv2

IKEv2 supports a wider variety of authentication mechanisms and it is faster when compared to IKEv1 method.

IKEv2 has only single phase authentication process. Aruba VIA 2.0.1.0 Mac Edition supports the following IKEv2 authentication methods:

l

X.509 certificate. Controllers running ArubaOS 6.1 or greater support OCSP for the purpose of validating a certificate that has not been revoked.

l

EAP (Extensible Authentication Protocol) including EAP-TLS and EAP-MSCHAPv2.

Support for OTP

Aruba VIA 2.0.1.0 Mac Edition supports the authentication based on One Time Password (OTP). This password is valid only for a single login session. Whenever a user establishes a new VPN session, the UI prompts for an OTP.

Authentication Profile Selection in VIA

With this feature, the users can select the authentication profile in the VIA connection manager upon entering their credentials (as shown in the following figure). This authentication profile is configured on the controller.

Figure 1 Authentication Profile Selection in VIA

Figure 1 Authentication Profile Selection in VIA System Extra Menu System extra menu is displayed when

System Extra Menu

System extra menu is displayed when a VIA connection is established.

Figure 2 System Extra Menu

a VIA connection is established. Figure 2 System Extra Menu The system extra menu can be

The system extra menu can be used for the following:

l

View the connection status such as connecting, disconnecting, connected, and disconnected.

l

Start or stop the connection.

Send UDID to Controller

Sends unique device identifier (UDID) string of the VIA client to the controller. Using this string, the behavior of the client can be monitored.

The following issues were fixed in the previous releases of VIA:

Issues Fixed in VIA 2.0.0.2

The following issues were fixed in VIA 2.0.0.2:

MacOS

Table 3: MacOS Fixed Issues

Chapter 3 Issues Fixed in Previous Releases

Bug ID

Description

77521

Symptom: VIA client requests authentication password every time the VIA configuration was changed and the VIA user interface comes up. The issue is now fixed and VIA does not request for the authentication password each time VIA configuration is changed. Scenario: This issue was observed in VIA 2.0 client running on Mac OS Lion (10.7.X) and Mountain Lion (10.8) and was not limited to a specific controller model.

77678

Symptom: The Assigned IP address and Packet sent/received options under Connection Details tab were blank even after successful VIA connection after the client resumes sleep mode. The issue is fixed when the IP address and Packet Sent/Received fields are correctly updated after the client resumes from sleep mode. Scenario: The issue was observed when client resumed from its sleep mode. The VIA connection was successful but the IP address and status options were shown blank. The issue occurred in Mac VIA 2.0 client version and it not limited to a specific controller model.

81797

Symptom: The Mac user interface crashed after the client resumed from the sleep mode. Checks to the null string resolves the issue. Scenario: The issue was observed when client resumed from sleep mode and the VIA profile was not available. Due to this, the Mac user interface crashed. The issue occurred in VIA 2.0 client version and it was not limited to a specific controller model.

Issues Fixed in VIA 2.0.0.1

The following issue was fixed in VIA 2.0.0.1:

VPN Connectivity

Table 4: VPN Connectivity Fixed Issues

Bug ID

Description

77849

Symptom: After resuming from sleep mode, the VIA status showed as connected but the internal network was not reachable. To fix this issue changes are done to the internal VPN services, where- in the VIA automatically disconnects when it enters into sleep mode and connects back when it resumes back from the sleep mode. Scenario: After connecting to VIA 2.0 Mac edition if it was put in the sleep mode and when VIA comes back from this mode the status is showed as connected. But the users were unable to access the internal network. This was a rare issue and is not specific to any controller model or software version.

Issues Fixed in VIA 2.0

The following issues were fixed in VIA 2.0:

Installer-VIA

Table 5: Installer - VIA Fixed Issues

Bug ID

Description

53974

Symptom: VIA was not able to create a secure connection in an untrusted network. Scenario: This issue occurred when upgrading the VIA client to 2.0. VIA performs a check for trusted and untrusted network and though the network is untrustworthy, it does not establish an IPSec connection.

50838

Symptom: The VIA connection manager did not respond during disconnection phase. Scenario: This issue occurred when the user clicked Disconnect and VIA took a long time to disconnect.

Chapter 4 Known Issues The known issues and limitations observed in the previous releases of

Chapter 4 Known Issues

The known issues and limitations observed in the previous releases of VIA are described in the following table. Bug IDs and applicable workarounds are included.

MacOS

Table 6: MacOS Known Issues

Bug ID

Description

73290

Symptom: When switching between different SSIDs, VIA 2.0 client does not detect the trusted networks accurately. Scenario: When a client switches between the two trusted networks. VIA client detects the second trusted network as untrusted network and connects automatically. This issue is observed in all controllers running on ArubaOS 6.2 and 6.1.3.4. Workaround: None