UPDATE: 21/06/2020 - Did an update on the 2600 and 2200 mesh routers. Took over 20min and the reboot from SRM did not go on its own. The 2600 router did not boot up at all. What I did was disconnected 2200 from it as well as my WAN connection and power-cycle the router. Then it booted just fine. Connected it all back and now it's working.
After some time, we have finally got a large, proper, update for the Synology SRM platform.
There is a number of changes that have been implemented. Some covering performance and security while others cover better updates and user experience.
Released on the 18th of June 2020 for all three models of routers (RT1900AT, RT2600AC and MR2200) here are the changes:
- The update will be available for selected regions within the following weeks, although the release time in each region may vary slightly.
- Added support for adding Wi-Fi points to a mesh Wi-Fi system via Ethernet cables during the first-time deployment.
- Allowed a mesh Wi-Fi system to have Wi-Fi points running different SRM's Update versions (with the same four-digit build number) so as to enhance update experience.
- Added support to configure multicast translation and IGMP snooping in a mesh Wi-Fi system.
- Added support for communication between client devices within the guest network.
- Added support for broadcast storm prevention through MAC filtering, which prevents wireless devices from sending a large number of broadcast packets in a short time and affecting the normal usage of other devices.
- Added support to apply the Default Policy of traffic control to each device connected to the guest/local area network.
- Added support for delivery of traffic reports on the last day of every month.
- Improved the startup speed of Synology Router after an SRM update.
- Enhanced the performance of iPhone USB tethering.
- Unified the behaviors of soft reset on RT1900ac, RT2600ac, and MR2200ac: the username of administrator's account can be customized during the reset.
- Added support for LCP identification of PPPD settings during a PPPoE connection (required by some ISPs).
- Added support for the IGMP querier timer for IPTV to enhance compatibility.
- Added support for connection tests of DNS over HTTPS (DoH).
- Adjusted the behaviors of data storing: system data will now be respectively stored in each external storage device connected to Synology Router.
- Updated the valid period of default certificate to 398 days in response to the policy change of Apple.
- Enhanced the compatibility of WPA2-EAP/WPA3-EAP with RADIUS servers in a mesh Wi-Fi system.
- Fixed the issue where the performance of Synology Router might be reduced when a macOS device connects to it.
- Fixed the issue where iPhone 11 running iOS 13.2.3 might fail to connect to the WPA3-Enterprise wireless network.
- Fixed the issue where SRM might fail to send logs of Wi-Fi points to other log servers.
- Fixed the issue where the wireless network might not work properly after an update of SRM on which configurations have been restored.
- Fixed the issue where packages might not be downloaded properly from Package Center on RT2600ac.
- Fixed the issue where interface failover cannot function properly when either of the WAN interfaces is disconnected.
- Fixed the issue where devices on the guest network might fail to access the Internet when a policy routing rule that directs network traffic through the secondary WAN interface is in place.
- Fixed the issue where users might not be able to select WAN interfaces upon configuring static routing if the IPTV uses 10 as its VLAN ID.
- Fixed the issue where SRM might fail to access the Internet via PPPoE when IPTV is enabled.
- Fixed the issue where IP addresses might not be obtained from ISPs (Internet Service Providers) after Synology Router restarts.
- Fixed the issue where RT2600ac might fail to access certain HTTP IP addresses when it is in the wireless AP mode.
- Fixed the issue where the links of traffic reports in notification emails might be invalid when the task names of reports contain special characters.
- Fixed the issue where the device list on the Traffic Control page might incorrectly display the IP addresses of banned and disconnected devices.
- Fixed the issue where the status of a user account might be shown as "disabled" immediately after it is scheduled to be disabled on a later date.
- Fixed the issue where Synology Router in the wireless AP mode might fail to send packets to specified gateways when there are multiple routers and gateways within the local network.
- Fixed the issue where port forwarding might not work properly with PPPoE connection after Synology Router restarts.
- Fixed the issue where SRM might fail to send notification emails through mail servers with SSL/TLS settings.
- Fixed the issue where SNMP messages might not contain correct SRM information.
- Fixed the issue where SRM might fail to renew the Let's Encrypt certificate.
- Adjusted the memory parameters for MR2200ac to prevent unexpected restart.
- Fixed a security vulnerability regarding BSD (CVE-2019-20367).
- Fixed a security vulnerability regarding hostapd (CVE-2019-16275).
- Fixed multiple security vulnerabilities regarding Dnsmasq (CVE-2019-15107 and CVE-2019-14834).
- Fixed a security vulnerability regarding Linux kernels (CVE-2017-13168).
- Fixed a security vulnerability regarding CallStranger (Synology-SA-20:13).
- Fixed multiple security vulnerabilities (Synology-SA-20:14).
Known Issues & Limitations
- Due to security considerations, if configurations backed up from a mesh Wi-Fi system running SRM 1.2.3 or earlier are restored on the primary Wi-Fi point running SRM 1.2.4 or later, all Wi-Fi points (except the primary one) need to be reset and added to the mesh Wi-Fi system again.
- Re-login to Synology mobile applications (DS cloud, DS file, DS get, DS router, and Synology VPN Plus) is required after SRM is updated to 1.2.4.
What is important to stress here is the fact that this patch fixes a number of security problems including the mysterious SA-20:14 as well as an ongoing (currently) SA-20:13.
Personally, I have patched my RT1900 model at the moment, and I will see how it behaves as well as wait a few days to see if there are any major problems with this update that will in return mean Synology will pull it.
So far, nothing funny is going on with the router. The update took about 10min to complete.
Feel free to comment as always.