Aruba VIA 2.0.1.

0
Mac Edition
R
e
l
e
a
s
e
N
o
t
e
s
0511257-00v1 | April 2014 Aruba VIA2.0.1.0 MacEdition | Release Notes
Copyright
2014 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks

,
Aruba Wireless Networks

, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management
System

, Mobile Edge Architecture

, People Move. Networks Must Follow

, RFProtect

, Green Island

. All rights
reserved. All other trademarks are the property of their respective owners.
Open Source Code
Certain Aruba products include Open Source software code developed by third parties, including software code
subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open
Source Licenses. Includes software fromLitech Systems Design. The IF-MAP client library copyright 2011 Infoblox,
Inc. All rights reserved. This product includes software developed by Lars Fenneberg et al. The Open Source code
used can be found at http://www.arubanetworks.com/open_source.
Legal Notice
The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate
other vendors VPN client devices constitutes complete acceptance of liability by that individual or corporation for
this action and indemnifies, in full, Aruba Networks, Inc. fromany and all legal actions that might be taken against it
with respect to infringement of copyright on behalf of those vendors.
Warranty
This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information,
refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS.
Altering this device (such as painting it) voids the warranty.
Aruba VIA2.0.1.0 Mac Edition | Release Notes Contents | 3
Contents
Contents 3
Release Overview 5
About VIA 5
Contacting Support 5
Whats New in This Release 6
New PlatformSupport 6
Fixed Issues 6
Mac 6
Features Added in Previous Releases 7
Support for Suite-B 7
Split Tunnel 7
Support for Certificate-based Authentication 7
Support for IKEv2 7
Support for OTP 7
Authentication Profile Selection in VIA 8
SystemExtra Menu 8
Send UDID to Controller 8
Issues Fixed in Previous Releases 9
Issues Fixed in VIA 2.0.0.2 9
MacOS 9
Issues Fixed in VIA 2.0.0.1 9
VPN Connectivity 9
Issues Fixed in VIA 2.0 10
Installer-VIA 10
Known Issues 11
MacOS 11
Aruba VIA2.0.1.0 Mac Edition | Release Notes Release Overview | 5
Chapter 2
Release Overview
Aruba VIA 2.0.1.0 is a software patch release that introduces fixes to the issues detected in the previous releases of
Aruba VIA Mac Edition.
For more information on features described in the following sections, see the latest VIA Mac Edition User Guide.
About VIA
Virtual Intranet Access (VIA) is part of the Aruba remote networks solution targeted for teleworkers and mobile
users. VIA detects the users network environment (trusted and untrusted) and automatically connects the user to
their enterprise network. Trusted network typically refers to a protected office network that allows users to directly
access corporate intranet. Untrusted networks are public Wi-Fi hotspots such as airports, cafes, or home network.
The VIA solution comes in two parts VIA connection manager and the controller configuration.
Contacting Support
Main Site http://www.arubanetworks.com
Support Site https://support.arubanetworks.com
Airheads Social Forums and Knowledge
Base
http://community.arubanetworks.com
North American Telephone 1-800-943-4526 (Toll Free)
1-408-754-1200
International Telephone http://www.arubanetworks.com/support-services/aruba-support-
program/contact-support/
Software Licensing Site https://licensing.arubanetworks.com/
End of Life Support Information http://www.arubanetworks.com/support-services/end-of-life-
products/end-of-life-policy/
Wireless Security Incident Response
Team (WSIRT)
http://www.arubanetworks.com/support-services/security-
bulletins/
Support Email Addresses
Americas and APAC support@arubanetworks.com
EMEA emea_support@arubanetworks.com
Wireless Security Incident Response
Team (WSIRT)
wsirt@arubanetworks.com
Table 1: Contact Information
Aruba VIA2.0.1.0 Mac Edition | Release Notes Whats Newin This Release | 6
Chapter 1
Whats New in This Release
New Platform Support
Fromcurrent release onwards Aruba VIA is supported on Mac OS X 10.9 (Mavericks) platform.
Fixed Issues
The following issues are resolved in Aruba VIA 2.0.1.0:
Mac
Table 2: Mac - Fixed Issues
Bug ID Description
22950 Symptom: The Mac VIA log structure was complex and the user was unable to read it. This issue is
resolved by simplifying the logs.
Scenario: This issue was observed is systems running Mac version 10.9 with VIA 2.0.0.2.
22952 Symptom: VPN plugin crashed if unicode language characters were used in the
username/pasword. This issue is resolved by providing VPN plugin support for unicode language
characters.
Scenario: This issue was observed in systems running Mac version 10.8 and 10.9 with VIA 2.0.0.2.
22960 Symptom: When a user installed VIA the Unidentified Error message was displayed. This issue is
resolved by making code level changes to the VIA installer and VIA app to override the warning
message.
Scenario: This issue was observed in systems running Mac version 10.8 and 10.9 with VIA 2.0.0.2.
22961 Symptom: Users found it difficult to update Access Control List (ACL) for certificates already present
in the keychain. This issue is resolved by adding a shortcut for the VPNagent and a home folder to
enable users to easily update the ACL for certificates.
Scenario: This issue was observed in systems running Mac version 10.8 and 10.9 with VIA 2.0.0.2.
77215 Symptom: Mac VIA 2.0 edition did not support SSL fallback option with IKeV1 communication. This
issue is fixed in the latest release of Mac VIA 2.0 edition that supports SSL fallback functionality.
Scenario: This issue was observed in Mac VIA 2.0 edition. The client did not support SSL fallback
option with IKeV1 communication. This issue was not limited to any specific controller model and
occurred on controllers running ArubaOS 6.2 and 6.1.3.4.
Aruba VIA2.0.1.0 Mac Edition | Release Notes Features Added in Previous Releases | 7
Chapter 2
Features Added in Previous Releases
The following new features have been introduced in the VIA 2.0 Mac Edition:
Support for Suite-B
Suite B is a new set of cryptographic algorithms that are approved by the US Government for use in classified
communication. Suite B provides the highest levels of security available today in public and commercial algorithms.
To enable Suite B connectivity, VIA has been enhanced to support RFC 4869 (Suite B Cryptographic Suites for
IPsec.)
Additionally, VIA provides support for:
l RFC 5246 and RFC 5430 Extensible Authentication Protocol (EAP) offload with TLS v1.2
l AES-GCM128/256 for bulk data transfer
l ECDSA for digital signatures, including support for X.509v3 certificates using ECDSA keys with p256/ p384
curves
l ECDH for key agreement using p256/p384 curves
l SHA-256 and SHA-384 for message digests
Suite B support requires a controller running ArubaOS 6.1 or greater with the Advanced Cryptography License. See
the Software Licenses chapter in the latest ArubaOS user guide for more information.
Split Tunnel
With this option, all traffic to the VIA tunneled networks goes through the controller and the rest is bridged directly on
the client.
Support for Certificate-based Authentication
Provides support for certificate-based authentication such as RSA and EC. The IKEv1 supports only RSA whereas
IKEv2 supports both RSA and EC.
Support for IKEv2
IKEv2 supports a wider variety of authentication mechanisms and it is faster when compared to IKEv1 method.
IKEv2 has only single phase authentication process. Aruba VIA 2.0.1.0 Mac Edition supports the following IKEv2
authentication methods:
l X.509 certificate. Controllers running ArubaOS 6.1 or greater support OCSP for the purpose of validating a
certificate that has not been revoked.
l EAP (Extensible Authentication Protocol) including EAP-TLS and EAP-MSCHAPv2.
Support for OTP
Aruba VIA 2.0.1.0 Mac Edition supports the authentication based on One Time Password (OTP). This password is
valid only for a single login session. Whenever a user establishes a new VPN session, the UI prompts for an OTP.
8 | Features Added in Previous Releases Aruba VIA2.0.1.0 MacEdition| Release Notes
Authentication Profile Selection in VIA
With this feature, the users can select the authentication profile in the VIA connection manager upon entering their
credentials (as shown in the following figure). This authentication profile is configured on the controller.
Figure 1 Authentication Profile Selection in VIA
System Extra Menu
Systemextra menu is displayed when a VIA connection is established.
Figure 2 SystemExtra Menu
The systemextra menu can be used for the following:
l View the connection status such as connecting, disconnecting, connected, and disconnected.
l Start or stop the connection.
Send UDID to Controller
Sends unique device identifier (UDID) string of the VIA client to the controller. Using this string, the behavior of the
client can be monitored.
Aruba VIA2.0.1.0 Mac Edition | Release Notes Issues Fixed in Previous Releases | 9
Chapter 3
Issues Fixed in Previous Releases
The following issues were fixed in the previous releases of VIA:
Issues Fixed in VIA 2.0.0.2
The following issues were fixed in VIA 2.0.0.2:
MacOS
Table 3: MacOS Fixed Issues
Bug ID Description
77521 Symptom: VIA client requests authentication password every time the VIA configuration was
changed and the VIA user interface comes up. The issue is now fixed and VIA does not request for
the authentication password each time VIA configuration is changed.
Scenario: This issue was observed in VIA 2.0 client running on Mac OS Lion (10.7.X) and Mountain
Lion (10.8) and was not limited to a specific controller model.
77678 Symptom: The Assigned IP address and Packet sent/received options under Connection Details
tab were blank even after successful VIA connection after the client resumes sleep mode. The
issue is fixed when the IP address and Packet Sent/Received fields are correctly updated after the
client resumes from sleep mode.
Scenario: The issue was observed when client resumed from its sleep mode. The VIA connection
was successful but the IP address and status options were shown blank. The issue occurred in Mac
VIA 2.0 client version and it not limited to a specific controller model.
81797 Symptom: The Mac user interface crashed after the client resumed from the sleep mode. Checks to
the null string resolves the issue.
Scenario: The issue was observed when client resumed from sleep mode and the VIA profile was
not available. Due to this, the Mac user interface crashed. The issue occurred in VIA 2.0 client
version and it was not limited to a specific controller model.
Issues Fixed in VIA 2.0.0.1
The following issue was fixed in VIA 2.0.0.1:
VPN Connectivity
Table 4: VPN Connectivity Fixed Issues
Bug ID Description
77849 Symptom: After resuming from sleep mode, the VIA status showed as connected but the internal
network was not reachable. To fix this issue changes are done to the internal VPN services, where-
in the VIA automatically disconnects when it enters into sleep mode and connects back when it
resumes back from the sleep mode.
Scenario: After connecting to VIA 2.0 Mac edition if it was put in the sleep mode and when VIA
comes back from this mode the status is showed as connected. But the users were unable to
access the internal network. This was a rare issue and is not specific to any controller model or
software version.
10 | Issues Fixed in Previous Releases Aruba VIA2.0.1.0 MacEdition| Release Notes
Issues Fixed in VIA 2.0
The following issues were fixed in VIA 2.0:
Installer-VIA
Bug ID Description
53974 Symptom: VIA was not able to create a secure connection in an untrusted network.
Scenario: This issue occurred when upgrading the VIA client to 2.0. VIA performs a check for
trusted and untrusted network and though the network is untrustworthy, it does not establish an
IPSec connection.
50838 Symptom: The VIA connection manager did not respond during disconnection phase.
Scenario: This issue occurred when the user clicked Disconnect and VIA took a long time to
disconnect.
Table 5: Installer - VIA Fixed Issues
Aruba VIA2.0.1.0 Mac Edition | Release Notes Known Issues | 11
Chapter 4
Known Issues
The known issues and limitations observed in the previous releases of VIA are described in the following table. Bug
IDs and applicable workarounds are included.
MacOS
Bug ID Description
73290 Symptom: When switching between different SSIDs, VIA 2.0 client does not detect the
trusted networks accurately.
Scenario: When a client switches between the two trusted networks. VIA client detects the
second trusted network as untrusted network and connects automatically. This issue is
observed in all controllers running on ArubaOS 6.2 and 6.1.3.4.
Workaround: None
Table 6: MacOS Known Issues