Release Notes CSG 7.1.22

Collax Security Gateway
11.05.2021

Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this Version

Net: IPv6 Support ready

Mit diesem Update erhalten Collax Server eine vollständige Unterstützung des Protokolls IPv6. Hierbei kann der Server im Dual-Stack-Modus betreiben werden, das bedeutet, dass der Internetanschluss mit einer externen IPv4- und IPv6-Adresse betrieben werden kann. Als reiner Server kann er für die Erreichbarkeit per IPv6 eingerichtet werden. Als Router kann er die Verbindung zu einem Internet-Provider aufbauen und das Netzwerk mit IPv6-Adressen versorgen. Die Vergabe von IPv6-Adressen erfolgt dynamisch, so dass keine unhandlichen Bezeichner von Hand konfiguriert werden müssen.

All services on the new Collax Server platform are prepared to beeing integrated into IPv6 networks. The IPv6 support will be completed in a future release.

Add-on Software: Virus scanner pattern update

The update mechanism and the status of the virus patterns of all installed and activated virus scanners can be viewed and managed via the menu item “Software - Virus scanner”. At this point, some fixes and improvements were implemented. The display was supplemented to the effect that the used virus scanners, including their usage (Mail, Web or File) and the pattern versioning can be displayed in a table. In addition to the automatic pattern updates these can also be updated manually. A note about the update virus scanner action: If a scanner is not used, the button is now grayed out. Furthermore, the notification in the active monitoring has been corrected so that under certain circumstances was notified of outdated patterns even though the scanner was not or no longer in use.

Misc: Improved DynDNS and IPv6

Dynamic DNS is used to resolve hosts with dynamic ip addresses via a fixed name.

With this update the previous software component ipcheck is replaced by ddclient. In addition to IPv4, the DynDNS client ddclient also supports IPv6. In addition, the number the DynDNS provider added 12 more.

System Management: Linux Kernel 4.9.266

This update installs Linux kernel 4.9.266.

File: Scripting Language PHP - 7.4.16

This update installs PHP version 7.4.16.

Notes

E-Mail: Avira AntiVir prior Version 7.1.6

From Avira, an automatic update of the core components of Avira has been carried out. In this context, a new dependency of the libraries has been added, the next time the virus scanner is not started can be resolved. The result is that the virus scanner does not work during a reboot or configuration change is restarted. For security reasons, emails will no longer be delivered. To solve the problem, please update your server to version 7.1.6. Note: As long as the virus scanner is not restarted, it works in its entirety.

E-Mail: Retrieving Mail with SSL and validate server certificate

SSL/TLS encryption can used to retrieve e-mail from external e-mail providers. With the SSL-encrypted collection, expired and self-signed certificates are saved and accepted by the server. If this is not desired, the option “Validate server certificates” can be set with this release.

Important: It is recommended to activate and test the setting “Validate server certificate”. In the past it was common to accept expired and self-signed certificates for encrypted collection. This should no longer be necessary and should be avoided.

E-Mail: Changed ruleset format of Spam Filter SpamAssassin

Please note: On March 1st, the SpamAssassin project will change the format of the ruleset updates. From this date on, only systems that have installed Update 7.1.10 will receive updates.

VPN: Fix for IKEv2 with Microsoft Windows stops after 7.6 hours

VPN connections with IKEv2 and the on-board resources of Microsoft Windows interrupt after exactly 7.6 hours. The error occurs because Microsoft Windows proposes different algorithms during IKE re-encryption than during the first connection. The problem can be solved with a registry fix by changing the value “NegotiateDH2048_AES256” to 1 under HKEY_LOCAL_MACHINE \ SYSTEM
CurrentControlSet \ Services \ RasMan \ Parameters.

Under the following link you will find a REG.file (registry entry) that adds the registry key. Collax assumes no liability for system errors that result from it.