Upload
lalucioleddy
View
218
Download
0
Embed Size (px)
Citation preview
8/11/2019 Aruba VIA 2.0.10_Release Notes.pdf
1/12
Aruba VIA 2.0.1.0
Mac Edition
ReleaseNotes
8/11/2019 Aruba VIA 2.0.10_Release Notes.pdf
2/12
0511257-00v1 | April 2014 Aruba VIA 2.0.1.0 Mac Edition | Release Notes
Copyright
2014 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks,
Aruba Wireless Networks, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management
System, Mobile Edge Architecture, People Move. Networks Must Follow, RFProtect, Green Island. All rights
reserved. All other trademarks are the property of their respective owners.
Open Source Code
Certain Aruba products include Open Source software code developed by third parties, including software code
subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open
Source Licenses. Includes software from Litech Systems Design. The IF-MAP client library copyright 2011 Infoblox,
Inc. All rights reserved. This product includes software developed by Lars Fenneberg et al. The Open Source code
used can be found at http://www.arubanetworks.com/open_source.
Legal Notice
The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate
other vendors VPN client devices constitutes complete acceptance of liability by that individual or corporation for
this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it
with respect to infringement of copyright on behalf of those vendors.
Warranty
This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information,
refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS.
Altering this device (such as painting it) voids the warranty.
8/11/2019 Aruba VIA 2.0.10_Release Notes.pdf
3/12
Aruba VIA 2.0.1.0 Mac Edition | Release Notes Contents |3
Contents
Contents 3
Release Overview 5
About VIA 5
Contacting Support 5
Whats New in This Release 6
New Platform Support 6
Fixed Issues 6
Mac 6
Features Added in Previous Releases 7
Support for Suite-B 7
Split Tunnel 7
Supportfor Certificate-based Authentication 7
Support for IKEv2 7
Support for OTP 7
Authentication Profile Selection in VIA 8
System Extra Menu 8
Send UDID to Controller 8
Issues Fixed in Previous Releases 9
Issues Fixed in VIA 2.0.0.2 9
MacOS 9
Issues Fixed in VIA 2.0.0.1 9
VPN Connectivity 9
Issues Fixed in VIA 2.0 10
Installer-VIA 10
Known Issues 11
MacOS 11
8/11/2019 Aruba VIA 2.0.10_Release Notes.pdf
4/12
8/11/2019 Aruba VIA 2.0.10_Release Notes.pdf
5/12
Aruba VIA 2.0.1.0 Mac Edition | Release Notes Release Overview |5
Chapter 2
Release Overview
Aruba VIA 2.0.1.0 is a software patch release that introduces fixes to the issues detected in the previous releases of
Aruba VIA Mac Edition.
For more information on features described in the following sections, see the latest VIA Mac Edition User Guide.
About VIA
Virtual Intranet Access (VIA) is part of the Aruba remote networks solution targeted for teleworkers and mobile
users. VIA detects the users network environment (trusted and untrusted) and automatically connects the user to
their enterprise network. Trusted network typically refers to a protected office network that allows users to directly
access corporate intranet. Untrusted networks are public Wi-Fi hotspots such as airports, cafes, or home network.
The VIA solution comes in two parts VIA connection manager and the controller configuration.
Contacting Support
Main Site http://www.arubanetworks.com
Support Site https://support.arubanetworks.com
Airheads Social Forums an d KnowledgeBase
http://community.arubanetworks.com
North American Telephone 1-800-943-4526 (Toll Free)
1-408-754-1200
International Telephon e http://www.arubanetworks.com/support-services/aruba-support-program/contact-support/
Software Licensing Site https://licensing.arubanetworks.com/
End of Life Support Information http://www.arubanetworks.com/support-services/end-of-life-products/end-of-life-policy/
Wireless Security Incident ResponseTeam (WSIRT)
http://www.arubanetworks.com/support-services/security-bulletins/
Support Email Addresses
Americas and APAC [email protected]
EMEA [email protected]
Wireless Security Incident ResponseTeam (WSIRT)
Table 1:Contact Information
https://support.arubanetworks.com/http://community.arubanetworks.com/http://www.arubanetworks.com/support-services/aruba-support-program/contact-support/http://www.arubanetworks.com/support-services/aruba-support-program/contact-support/http://www.arubanetworks.com/support-services/aruba-support-program/contact-support/mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]://www.arubanetworks.com/support-services/aruba-support-program/contact-support/http://www.arubanetworks.com/support-services/aruba-support-program/contact-support/http://www.arubanetworks.com/support-services/aruba-support-program/contact-support/http://www.arubanetworks.com/support-services/aruba-support-program/contact-support/http://community.arubanetworks.com/https://support.arubanetworks.com/http://www.arubanetworks.com/8/11/2019 Aruba VIA 2.0.10_Release Notes.pdf
6/12
Aruba VIA 2.0.1.0 Mac Edition | Release Notes Whats New in This Release |6
Chapter 1
Whats New in This Release
New Platform Support
From current release onwards Aruba VIA is supported on Mac OS X 10.9 (Mavericks) platform.
Fixed Issues
The following issues are resolved in Aruba VIA 2.0.1.0:
Mac
Table 2:Mac - Fixed Issues
Bug ID Description
22950 Symptom: The Mac VIA log structure was complex and the user was unable to read it. This issue isresolved by simplifying the logs.
Scenario: This issue was ob served is systems running Mac version 10.9 with VIA 2.0.0.2.
22952 Symptom: VPN plugin crashed if unicode language characters were used in theusername/pasword. This issue is resolved by providing VPN plugin support for unicode languagecharacters.
Scenario: This issue was observed in systems running Mac version 10.8 and 10.9 with VIA 2.0.0.2.
22960 Symptom: When a user installed VIA theUnidentified Error message was displayed. This issue isresolved by making code level changes to the VIA installer and VIA app to override the warningmessage.
Scenario: This issue was observed in systems running Mac version 10.8 and 10.9 with VIA 2.0.0.2.
22961 Symptom: Users found it difficult to update Access Control List (ACL) for certificates already presentin the keychain. This issue is resolved by adding a shortcut for the VPNagent and a home folder toenable users to easily upda te the ACL for certificates.
Scenario: This issue was observed in systems running Mac version 10.8 and 10.9 with VIA 2.0.0.2.
77215 Symptom: Mac VIA 2.0 edition did not support SSL fallback option with IKeV1 communication. Thisissue is fixed in the latest release of Mac VIA 2.0 edition that supports SSL fallback functionality.
Scenario: This issue was observed in Mac VIA 2.0 edition. The client did not support SSL fallbackoption with IKeV1 communication. This issue was not limited to any specific controller model andoccurred on controllers running ArubaOS 6.2 and 6.1.3.4.
8/11/2019 Aruba VIA 2.0.10_Release Notes.pdf
7/12
Aruba VIA 2.0.1.0 Mac Edition | Release Notes Features Added in Previous R eleases | 7
Chapter 2
Features Added in Previous Releases
The following new features have been introduced in the VIA 2.0 Mac Edition:
Support for Suite B
Suite B is a new set of cryptographic algorithms that are approved by the US Government for use in classified
communication. Suite B provides the highest levels of security available today in public and commercial algorithms.
To enable Suite B connectivity, VIA has been enhanced to support RFC 4869 (Suite B Cryptographic Suites for
IPsec.)
Additionally, VIA provides support for:
l RFC 5246 and RFC 5430 Extensible Authentication Protocol (EAP) offload with TLS v1.2
l AES-GCM 128/256 for bulk data transfer
l ECDSA for digital signatures, including support for X.509v3 certificates using ECDSA keys with p256/ p384
curves
l ECDH for key agreement using p256/p384 curves
l SHA-256 and SHA-384 for message digests
Suite B support requires a controller running ArubaOS 6.1 or greater with the Advanced Cryptography License. See
the Software Licenses chapter in the latest ArubaOS user guide for more in formation.
Split Tunnel
With this option, all traffic to the VIA tunneled networks goes through the controller and the rest is bridged directly on
the client.
Support for Certificate based Authentication
Provides support for certificate-based authentication such as RSA and EC. The IKEv1 supports only RSA whereas
IKEv2 supports both RSA and EC.
Support for IKEv2
IKEv2 supports a wider variety of authentication mechanisms and it is faster when compared to IKEv1 method.
IKEv2 has only single phase authentication process. Aruba VIA 2.0.1.0 Mac Edition supports the following IKEv2
authentication methods:
l X.509 certificate. Controllers running ArubaOS 6.1 or greater support OCSP for the purpose of validating a
certificate that has not been revoked.
l EAP (Extensible Authentication Protocol) including EAP-TLS and EAP-MSCHAPv2.
Support for OTP
Aruba VIA 2.0.1.0 Mac Edition supports the authentication based on One Time Password (OTP). This password is
valid only for a single login session. Whenever a user establishes a new VPN session, the UI prompts for an OTP.
8/11/2019 Aruba VIA 2.0.10_Release Notes.pdf
8/12
8 | Features Added in Previous Releases Aruba VIA 2.0.1.0 Mac Edition| Release Notes
Authentication Profile Selection in VIA
With this feature, the users can select the authentication profile in the VIA connection manager upon entering their
credentials (as shown in the following figure). This authentication profile is configured on the controller.
Figure 1 AuthenticationProfileSelection in VIA
System Extra Menu
System extra menu is displayed when a VIA connection is established.
Figure 2 System Extra Menu
The system extra menu can be used for the following:
l
View the connection status such as connecting, disconnecting, connected, and disconnected.l Start or stop the connection.
Send UDID to Controller
Sends unique device identifier (UDID) string of the VIA client to the controller. Using this string, the behavior of the
client can be monitored.
8/11/2019 Aruba VIA 2.0.10_Release Notes.pdf
9/12
Aruba VIA 2.0.1.0 Mac Edition | Release Notes IssuesFixed in PreviousR eleases | 9
Chapter 3
Issues Fixed in Previous Releases
The following issues were fixed in the previous releases of VIA:
Issues Fixed in VIA 2 0 0 2
The following issues were fixed in VIA 2.0.0.2:
MacOS
Table 3:MacOS Fixed Issues
Bug ID Description
77521 Symptom: VIA client requests authentication password every time the VIA configuration waschanged and the VIA user interface comes up. The issue is now fixed and VIA does not request forthe authentication p assword each time VIA configuration is change d.
Scenario:
This issue was observed in VIA 2.0 client running on Mac OS Lion (10.7.X) and MountainLion (10.8) and was not limited to a specific controller model.
77678 Symptom: The Assigned IP address and Packet sent/received options underConnection Detailstab were blank even after successful VIA connection after the client resumes sleep mode. Theissue is fixed when theIP address andPacket Sent/Received fields are correctly upda ted after theclient resumes from sleep mode.
Scenario: The issue was observed when client resumed from its sleep mode. The VIA connectionwas successful but the IP address and status options were shown blank. The issue occurred in MacVIA 2.0 client version and it not limited to a specific controller model.
81797 Symptom: The Mac user interface crashed after the client resumed from the sleep mode. Checks tothe null string resolves the issue.
Scenario: The issue was observed when client resumed from sleep mode and the VIA profile wasnot available. Due to this, the Mac user interface crashed. The issue occurred in VIA 2.0 clientversion and it was not limited to a specific controller model.
Issues Fixed in VIA 2 0 0 1
The following issue was fixed in VIA 2.0.0.1:
VPN Connectivity
Table 4:VPN Connectivity Fixed Issues
Bug ID Description
77849 Symptom: After re suming from sleep mode, the VIA status sho wed as con nected but the internalnetwork was not reachable. To fix this issue changes are done to the internal VPN services, where-in the VIA automatically disconnects when it enters into sleep mode and connects back when itresumes back from the sleep mode.
Scenario: After connecting to VIA 2.0 Mac edition if it was put in the sle ep mode and when VIAcomes back from this mode the status is showed as connected. But the users were unable toaccess the internal network. This was a rare issue and is not specific to any controller model orsoftware version.
8/11/2019 Aruba VIA 2.0.10_Release Notes.pdf
10/12
8/11/2019 Aruba VIA 2.0.10_Release Notes.pdf
11/12
Aruba VIA 2.0.1.0 Mac Edition | Release Notes Known Issues | 11
Chapter 4
Known Issues
The known issues and limitations observed in the previous releases of VIA are described in the following table. Bug
IDs and applicable workarounds are included.
MacOS
Bug ID Description
73290 Symptom: When switching between different SSIDs, VIA 2.0 client does not detect thetrusted networks accurately.
Scenario:
When a client switches between the two trusted networks. VIA client detects thesecond trusted network as un trusted network and conne cts automatically. This issue isobserved in all controllers running on ArubaOS 6.2 and 6.1.3.4.
Workaround: None
Table 6:MacOS Known Issues
8/11/2019 Aruba VIA 2.0.10_Release Notes.pdf
12/12