New features & improvements
Free IPSec/PPTP tunnels
Auto link failover/backup links
AES encryption support
Better management assistant
Upgrade to OpenBSD 2.9
NAT Support for IPSec Tunnels
DHCP Server improvements
Connect tunnels limit set
The firmware release 2.3 for the 2000 product series is now available. The 2.3 firmware offers many new benefits to existing and new 200 series customers. Some of the major improvements are:
The following new features and improvements to the 2000 product series are now available:
The 2000 series units will, for a limited time, be enabled with support for a limited number of VPN tunnels for free. No Feature Set is required to be purchased to activate support for these tunnels. Support is included for a limited number of tunnels in the SRA and SSV Feature Sets. The actual number of tunnels supported is listed in the table below.
Free Tunnel Limits in ePipe 2000 series
|Feature Set||Tunnel Type||Free Tunnels||With Feature Set Activation|
Feature Sets can be purchased through your ePipe reseller.
NOTE: The maximum number of tunnels supported by the 2000 series has changed. Click here for more information.
Firmware 2.3.0 now supports automatic fail-over to one or more backup links in the event the primary link(s) are disconnected. This facility enables a network to stay connected to the Internet and to other sites via VPNs in the event that all primary links are disconnected. For example, a 2242 with an ADSL service can now auto fail-over to an ISDN or analog modem backup link in the event the ADSL service is disconnected. This facility provides maximum uptime for Internet connected networks in the wired world.
IKE is a protocol designed to automate the establishment of IPSec tunnels, with the goal of making large, multi-vendor VPN networks easier to install and manage. IKE achieves this by automatically negotiating and exchanging all information necessary to setup an IPSec tunnel between two (2) IPSec devices or gateways.
IKE has been built into the 2.3.0 firmware to enable the 2200 products to interoperate with other leading IPSec devices, including:
This enables IPSec tunnels to be established between ePipe gateway and most other IPSec devices, although without the advantages of using ML-IP or E2B, as the 3rd party device would need to support these technologies to achieve IP-layer bonding.
The following vendors equipment or software has been tested successfully:
NOTE: 2100 units do not support IKE and can not, therefore, be used for IPSec tunnels between other vendors' devices.
AES (Advanced Encryption Standard) or Rijndael is the new encryption standard selected by the US Government to replace DES (Data Encryption Standard) and 3DES. AES is both more efficient and cryptographically stronger than 3DES.
AES is now supported in all ePipes running 2.3.0 software. The ePipe implementation of AES uses 128 bit keys and is supported by both E2B-IPSec and IKE-IPSec tunnels for bulk encryption.
All of the pre-defined filter rules created by the ePipe Management Assistant are now stronger with closer matching of packets based on source and destination port numbers. Each filter rule can also be limited to allow packets based on time of day and day of week, providing the network administrator with greater control over Internet and VPN access.
ePipe's browser-based user interface has been improved, with better usability based on feedback from customers. Some of the changes include:
The 2000 series kernel is based on the UNIX operating system OpenBSD, designed and built as a secure operating system. With ePipe 2.3.0 software, ePipe has upgraded the OpenBSD kernel to version 2.9, which incorporates the latest improvements in network, driver, IPSec and filtering improvements to the 2000 range.
Each link, whether it be dial-up, xDSL, cable or router based, can now be configured to only connect between specific times of the day. This is available in the bandwidth settings for each link, through the Bundle Manager, in the ePipe Management Assistant. This is useful when Internet services are charged based on time and the customer wishes to minimize these charges when no one is using the Internet. For example, Internet links could be setup to connect at 8am and disconnect at 6pm to span the normal working day.
Dynamic NAT is now supported on E2B based IPSec tunnels (client end only). This may be useful in situations where there are multiple E2B-IPSec tunnels to IP subnets which use the same IP addresses. NAT can be used to effectively hide the IP addresses of the remote networks from the central site. Note that NAT does not work with all application traffic traversing the tunnel.
The DHCP Server in the 2000 series has been significantly improved. The following options can now be set in the DHCP Server providing more flexibility and control over the settings allocated to the DHCP clients:
With the introduction of new features in firmware release 2.3.0, especially support for IPSec tunnels negotiated with IKE, the maximum number of connected tunnels supported in the 2000 series has changed. The major changes include:
NOTE: These changes do NOT affect ePipe ServerWare.
The following table shows the new and previous limits.
Tunnel Limits in ePipe 2000 series
|Feature Set||Tunnel Type||Limit (2.3.0 and beyond)||Limit (earlier than 2.3.0)|
|FREE Limited tunnel support (No VPN Feature Sets required)||E2B-IPSec||2 client
|IKE-IPSec §||1 *||-|
16 server (2100 series)
64 server (2200 series)
|IKE-IPSec §||4 *||Not supported|
* IKE-IPSec tunnels can be client, server or peer-to-peer.
§ IKE-IPSec are not supported on ePipe 2100 series units.
Copyright © 2002 ePipe Pty. Ltd. All rights reserved.