=====================================
Bonded Internet 2013.6 release notes
=====================================

December 13, 2013

Bonded Internet 2013.6 supports Debian 7 (Wheezy) and improves provisioning capabilities. Bonders can be provisioned without assigning them to specific bonds- they can now be configured through a simple web interface after being deployed at a customer's site. In addition, a bonder can be reset and used as a template for hard disk or network multicast cloning to make tens or hundreds of new bonders at once. In addition, a web service on the bonder has been added to show basic configuration and leg status information to the customer.

Bonding node
-------------

Additions
^^^^^^^^^^

- Debian 7 (Wheezy) is now supported. Debian 6 (Squeeze) bonders will continue to be supported. Please update your provisioning USB disks, CDs, and PXE servers to begin imaging new bonders and aggregators as Wheezy.
- Bonders offer a simple web service, accessible via the connected IPs and trusted remote IPs, that show basic details about the current configuration including the state of the bonder's legs.
- Bonders can be provisioned without assigning them to a specific bond. They can then be configured from the web service after deploying them at a customer site.
- The bonding-deconfigure script resets a bonder to a generic configuration. The bonder's hard disk image can then be used as a template for provisioning other bonders.

Changes
^^^^^^^^

- Applications that download files from the management server check the server's SSL certificate. Invalid or self-signed certificates must be accepted by the user. Updated applications include the package installer, nodeconfig, and the configuration web service.
- The TCP proxy application runs as the bonding user.
- The tunnel application is started as the bonding user; it is no longer started as root before dropping its privileges.
- When a leg is down, the tunnel changes its UDP socket source port every 30 seconds. This helps to avoid buggy ISP connection tracking.

Fixes
^^^^^^

- Moving a bond to a new aggregator no longer risks the bonder going offline for up to 40 seconds.
- Changing the tunnel authentication option no longer risks the bonder going offline for up to 40 seconds.
- When the management server VPN is unavailable, fewer messages appear in the bonding log while trying to reconnect.
- TCP proxy routing rules are consistent between the aggregator and bonder.
- The syslog service has a limited message buffer. This ensures the node applications don't block, or block for only a short period of time, if syslog is unable to flush its messages to disk.
- The syslog service now sends Bonded Internet messages only to the files in /var/log/bonding and no longer duplicates them in /var/log/syslog.
- The service heartbeat check no longer restarts the node service unnecessarily in a certain rare situation.
- The tunnel no longer crashes in a rare case when a speed test cannot be negotiated with the peer.
- Bonder DNS redirection is now more robust when a leg is configured that has no Internet access.
- Bonder DNS redirection on bonders no longer fails when the last leg is stopped.

Removals
^^^^^^^^^

- Debian 5 (Lenny) is no longer supported. Lenny bonders will continue to be managed by the web application until June 2014; however, they cannot install 2013.6 or any future versions of Bonded Internet. Critical bugs will still be fixed in 2013.5, the last version with Lenny support.

Patches
^^^^^^^^

:2013.6-1: Fixes an issue causing incorrect subnet masks to be used in connected IPs, CPE NAT IPs, and routes. Improves dependency package management to make upgrades more reliable.
:2013.6-2: Fixes a crash in the tunnel application when an IP is removed from an interface in a certain circumstance.

Bonding admin
--------------

Changes
^^^^^^^^

- Node status indicators update immediately when the node VPN client connects or disconnects.
- The upgradebonders script no longer offers to upgrade Debian 5 bonders.
- The upgradebonders Django command restarts bonder firewalls.
- New nodes are configured to use http.debian.net as their Debian mirror.
- Service management and init scripts have been redesigned.
- Speed test index pages load much faster.
- It is no longer a validation error to configure two private connected IPs in the same subnet on the same bond.
- The custom ISO has a 2-level boot menu instead of a single level with multiple options. Each logical option has its own menu.

Fixes
^^^^^^

- It is a validation error to provide a non-network address for a routed block.
- CPE NAT IPs update their subnet masks when the destination IP field is changed to a different connected IP.
- CPE NAT IPs update their subnet masks when the related connected IP changes its subnet mask.
- No error message is shown when leaving the speed test results page while results are still loading.
- Django processes start faster by delaying calling certain system commands.

Patches
^^^^^^^^

:2013.6-1: Fixes an issue creating new users and some minor display issues due to new HTML5 form inputs.
:2013.6-2: Backs up more configuration files, simplifies logging, and fixes a few minor bugs.
