Beta Software ER605 V2_2.1.4_Build 20230727 Beta Firmware For Trial (Released on Aug 2nd, 2023)
This Article Applies to: ER605 v2 / v2.6_2.1.4_20230720 (Beta) | Fully adapted to Omada SDN Controller v5.11
Update as of Aug 2, 2023:
Thank you all for your valuable feedback on the ER605 2.1.4_20230720(Beta)!
Update the Beta firmware of ER605, which now includes the issue fixed that the ER605 V2 as an OpenVPN client failed to make all the Internet traffic be routed through the VPN tunnel.
ER605_V2_2.1.4_Build20230727 (Beta)
Notes:
(1) The above firmware is applied to ER605 V2 and V2.60.
(2) Your device’s configuration won’t be lost after upgrading.
(3) The above firmware is fully adapted to Omada SDN Controller 5.11.
Hello Everyone,
This release is mainly to fix some issues based on the ER605 V2 2.2.0 official firmware. Please check the following release notes for more about the fixes.
The Purpose of the Beta Firmware
We hope to offer you with a chance to experience the new features added in the Controller v5.11 in advance, and also give us TP-Link the opportunity to fully test the firmware in your real network environment and scenarios before the official release.
Release Notes
New Feature/Enhancement
1. Add ACL support for IPv6 data.
2. Add support for IPv6 RA (Router Advertisement) configuration for LAN.
3. Add support for configuring multiple IP addresses on the WAN port.
4. Add support for monitoring session limits in controller mode.
5. Add support for configuring the MSS (Maximum Segment Size) of WAN port.
6. Add support for Gateway Tools in Controller mode:
- Ping.
- Traceroute.
- Terminal.
7. Add support for the ability to download device info of Gateway in Controller mode.
8. Add support for Location Group in Gateway ACL.
9. Add support for white list of MAC filtering in Controller mode.
10. Add support for tagging same VLAN ID on different WAN port.
11. Increased security of communication between Gateway and Controller.
12. Add support for DNS cache, which can improve domain name resolution speed by handling recent address resolutions locally before sending request to Internet
13. Add support for DH 14 and DH 15 for PFS.
14. Add support for 0.0.0.0/0 IP range of local network when using IPsec IKEv2 for Client-to-Site VPN.
15. Add support for DDNS custom intervals (1~60 minutes).
16. Add support for link-local addresses or unique local addresses of IPv6 DNS on the LAN side.
17. Log Enhancements.
- Show the source IP address of TCP no-Flag /ping of death attacks.
- Show the log of link backup switching.
- Show the log of DDNS update.
- Logs can be saved when the device is down. You need to short press the reset button within 5s, and after releasing the reset button, the sys light will be on for 3 seconds to indicate that the downtime log is saved successfully.
Bug Fixed
1. Fix the bug that ICMP type 13 packets cannot be intercepted.
2. Fix the bug that VPN Client cannot access the other side through IPsec when the device act as a PPTP/L2TP/OpenVPN Server and also establishes IPsec VPN with other devices.
3. Fix the bug that VPN client cannot proxy Internet access when VPN IP Pool and LAN IP are in the same network segment.
4. Fix the bug of CPU abnormality caused by enabling more VLAN Interface.
5. Fix the bug of high latency in ISP Load in Controller mode.
6. Fix the bug of frequent reconnection with Omada Controller.
7. Fix the bug that the VLAN configuration of IPTV is affected by the VLAN configuration of WAN port in Controller mode.
8. Fix the bug that the device does not support proxy internet access as Wireguard VPN client.
9. Fix the bug that Port Forwarding does not take effect under multiple WAN ports.
10. Fixed the issue that the Router might become “DISCONNECTED” in the controller after upgrading to firmware 2.2.0. Reported Here.
11. Fixed the issue that new clients might lose Internet when bandwidth control is configured.
12. Fixed the issue that OpenVPN Server no longer works after upgrading to firmware 2.2.0. Reported Here.
13. Fixed the issue that Internet/DNS resolving might not work when using OpenVPN Connect App/Software to connect to the Router’s OpenVPN Server.
14. Fixed the issue that the ER605 V2 as an OpenVPN client failed to make all the Internet traffic be routed through the VPN tunnel.
Beta Firmware Download
Please be sure you have read the Beta Test Agreement before upgrading the Beta firmware!
ER605_v2_2.1.4_Build 20230720 (Beta)
Notes:
(1) The above firmware is applied to ER605 V2 and V2.60.
(2) Your device’s configuration won’t be lost after upgrading.
(3) The above firmware is fully adapted to Omada SDN Controller 5.11.
Update as of Aug 2, 2023:
Update the Beta firmware of ER605, which now includes the issue fixed that the ER605 V2 as an OpenVPN client failed to make all the Internet traffic be routed through the VPN tunnel.
ER605_V2_2.1.4_Build20230727 (Beta)
Notes:
(1) The above firmware is applied to ER605 V2 and V2.60.
(2) Your device’s configuration won’t be lost after upgrading.
(3) The above firmware is fully adapted to Omada SDN Controller 5.11.
Feedback
Any further feedback on the new firmware, please feel free to comment below or start a new thread from HERE.
To get better assistance, you may check Tips For Efficiently Reporting an Issue In The Community.
When reporting an issue, especially it's about firmware upgrade, it's suggested to include the following info:
- Management mode (Controller or Standalone)
- Device Model(s) and Hardware
- Device Firmware (previous and current)
Thank you in advance for your great cooperation and support.
Recommended Threads
Get the Latest Firmware Releases for Omada Routers Here - Subscribe for Updates
Current Available Solutions to Omada Router Related Issues [Actively Updated, Post for Subscription]
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @Clive_A !
For my configuration, can I export it through the forum or via the ticket you opened for me ?
I joined to you the config in attached file.
For Wireshark, it's not possible because I switch back to my ER605 v1 for the moment and the v2 is off for the moment. Actually I need my network to work at home and probably do the swap to the ER605 v2 during the week-end when I'm alone.
Cheers, ElMajor76.
- Copy Link
- Report Inappropriate Content
Hi @ElMajor76
Let's follow this on this by email. I will arrange a remote session for you with our test team. I hope you can get ready with the ER605 V2 and team will pinpoint the issue during that.
- Copy Link
- Report Inappropriate Content
Hi @yavin
So, if you see the post I sent to ElMajor earlier, can you reply to me with the info I need? I need information about the mDNS.
https://community.tp-link.com/en/business/forum/topic/615998?replyId=1242992
If you can provide details about your mDNS, I can collect the backup of yours and see what I can do and help.
If you are able to provide the Wireshark capture of your mDNS, that would be great to check if your Bonjour Service is correct.
https://www.tp-link.com/en/support/faq/3235/
I want to find out if your device is actually broadcasting them DNS and whether your Bonjour Service is set correctly. Because the Wireshark can reflect the correct and full-service parameters.
e.g. airplay, its correct, and the full Bonjour Service protocol should be like _airplay_tcp.local
- Copy Link
- Report Inappropriate Content
Hi @yavin
Do you have any ACL? Based on ElMajor's case, our test team has preliminarily concluded that certain users set up ACL and ACL blocks the mDNS packet across VLAN.
- Copy Link
- Report Inappropriate Content
I am currently on the road professionally and not at home.
I have actually no access to the ER605 (clamped) because the OPNsense is currently running as a transition.
I have several VLANs. This is a private one with all Apple devices such as home pods, etc., and an IoT VLAN, in which Hue, HomematicIP, etc. are located.
As a service network I selected IoT and as a client network the private one (at the other side for the test).
Even after a restart of the ER605 v2 after mDNS setting, I was unable to reach any mDNS (aka voice command Siri switch light on (Hue) ).
As ACL rules, I stopped intervlan-routing purely after RFC1918 as Gateway ACLs cause SPI, with an assumption that the private VLAN can be fully communicated into the IoT VLAN (and mDNS also).
The ACLs are set as gateway ACLs (cause SPI) and also function as they should, except mDNS.
Many greetings
yavin
- Copy Link
- Report Inappropriate Content
Hi @yavin
Thanks for posting in our business forum.
Can you export the backup for support? And let me know when you can send the backup. I'll pass it on to the test team.
- Copy Link
- Report Inappropriate Content
Hi @yavin
Thank you so much for taking the time to post the issue on TP-Link community!
To better assist you, I've created a support ticket via your registered email address, and escalated it to our support engineer to look into the issue. The ticket ID is TKID230843738, please check your email box and ensure the support email is well received. Thanks!
Once the issue is addressed or resolved, welcome to update this topic thread with your solution to help others who may encounter the same issue as you did.
Many thanks for your great cooperation and patience!
- Copy Link
- Report Inappropriate Content
I tested Wireguard Connection (tplink as Wireguard client connected to wireguard server ) and i found BUG
Configuration
LAN1
192.168.42.1 simpley router with port redirect UDP 41820 to Linux Server
192.168.42.2 Linux Server with Wireguard Server WAN ip 91.X.X.X port 41820 , WG interface : 10.65.48.1 (NAT etc itp enable)
192.168.42.3 Windows OS
LAN2
192.168.30.1 Router Tplinka ER-605 V2 fw2.1.4 with wireguard WG interface 10.65.48.2
192,168.30.2 Windows - my machine where do i ping from
When Allow IP is set to .0.0.0.0/0 i can Ping 10.65.48.1 , 192.168.42.1, 192.168.42.2, 192.168.42.3 - everything works!
but when allow ip i set to 192.168.42.0/24 or 10.65.48.0/24 - I can't ping anything
In Wireguard Windows client config works without problem with AllowedIPs = 10.65.48.0/24, 192.168.42.0/24, ::/1, 8000::/1 (it passes traffic to lan2 through vpn but regular internet traffic does not go through vpn, and that's how it should work)
In addition, the endpoint does not allow you to enter the hostname, it only requires the ip address
- Copy Link
- Report Inappropriate Content
I need that too. I didn't know what to say when @Clive_A said the router is using both port 80 and 443. It just doesn't make sense.
ElMajor76 wrote
I need the port 80 to generate my certificate via Let's Encrypt and the port 443 is to established a secure connection via HTTPS to my self hosted services.
- Copy Link
- Report Inappropriate Content
DNA1010 wrote
I need that too. I didn't know what to say when @Clive_A said the router is using both port 80 and 443. It just doesn't make sense.
ElMajor76 wrote
I need the port 80 to generate my certificate via Let's Encrypt and the port 443 is to established a secure connection via HTTPS to my self hosted services.
what i understand him is that he is trying to say that you cannot use a port that has already been taken. if you enable remote management, the 80 and 443 are enabled for remote access. you can port forward 80 and 443 to a local service, but this is based on the precondition that 80 and 443 are not enabled by "remote management".
do you know this feature? is it enabled? if enabled, you type in the ip in the address bar and you access your router's web page by your public ip. 80 and 443 are used by default.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 3
Views: 32674
Replies: 134