User Manual
Release Note
Version 1.0.7
Version 1.0.7
Release Date: April 2, 2026
New Features
- Environment Rule Management (OrpheLink for OrpheAgent): Added environment-rule support across SD-WAN node data and related interfaces, enabling routing behavior to be adjusted with richer policy conditions.
- Exit Node Without SNAT (OrpheLink for OrpheAgent): Added an
exitNodeWithoutSNAToption for SD-WAN node settings, allowing operators to choose between exit-node mode with or without SNAT via a radio-group selector. - Automatic Node Mode Initialization (OrpheLink for OrpheAgent): Added automatic node-mode initialization so unmanaged or unset SD-WAN node mode values are normalized without extra operator steps.
- License Remark Editing (OrpheLink for OrpheAgent): Added a new
PATCH /api/v1/license/remark/editendpoint and corresponding UI for editing license remarks, with the remark field now visible in the license list.
Enhancements
- General Setting via VPN IP (OrpheLink for OrpheAgent): Changed the General Setting configuration request to use the device's VPN IP instead of the domain layout, improving reliability for devices behind NAT. The backend now gracefully handles device restarts after config push by detecting connection-reset and timeout errors and returning success immediately.
- Configuration Init Wait Mechanism (OrpheLink for OrpheAgent): Added a retry-based initialization mechanism on the General Setting page that polls the device up to 10 times with one-second intervals, ensuring the UI loads correctly even when the agent is still starting up.
- Route-to-Exit Workflow (OrpheLink for OrpheAgent): Improved route-to-exit handling with pre-loaded exit-node status checks, tooltip guidance when a target node is not an exit node, and automatic switch disabling to prevent invalid configurations.
- SD-WAN UI Simplification (OrpheLink for OrpheAgent): Simplified SD-WAN configuration by removing unnecessary dropdown options, including the previous "Bypass Exit" choice, and streamlining the node-setting flow.
- SD-WAN Queue Reconciliation (OrpheLink for OrpheAgent): Improved SD-WAN queue logic to always reconcile device node info against the controller state, ensuring configuration consistency even when no drift is detected.
- Login Page Streamlining (OrpheLink for OrpheAgent): Hid WebAuthn and Sync Demo UI elements from the login screen and simplified the login flow so pressing Enter on the username field proceeds directly to password entry.
- Login and Discovery RWD Layout (OrpheLink for OrpheAgent): Updated login and discovery pages with improved responsive layout, including a relocated refresh button and inline discovery-status indicator for desktop viewports.
- Provision Key Hidden on Mobile (OrpheLink for OrpheAgent): Hidden the Provision Key input field on mobile layouts to reduce visual clutter while retaining copy and download actions.
- License Page Improvements (OrpheLink for OrpheAgent): Enhanced the license management page with status filtering (all / active / expired), a remark column with inline editing, and improved layout spacing.
- Jump-to-Service Simplification (OrpheLink for OrpheAgent): Removed the jump-limit column and selector from agent services configuration, reducing unnecessary complexity in the service setup UI.
Bug Fixes
- Login Error Handling (OrpheLink for OrpheAgent): Fixed login error behavior to make failure handling more predictable during sign-in.
- Swagger Documentation (OrpheLink for OrpheAgent): Corrected the controller name in Swagger documentation to
controller_jwt_token.
Version 1.0.6
Release Date: March 20, 2026
Enhancements
- Provision Discovery: Filtering by OrpheAgent Node ID: The Provision discovery flow now carries dataPlaneNodeID in discovered device payloads returned by GET /api/v1/provision/devices/list and the associated device-list stream, allowing operators to filter discovered devices by OrpheAgent Node ID while still reviewing the same device identity fields, software version, status, and error information in one workflow.
- Provision Completion Notification: When a discovered device finishes the acceptance flow through the Provision API, the system now sends an info-level notification containing the device name to the operator's notification stream, deduplicated per device SN within a short cooldown window so that repeated acceptance attempts do not produce duplicate alerts.
- Inventory Report: Heartbeat Status Returned in the Same Response Cycle: POST /api/v2/inventory/report now returns heartBeatStatus together with reportMode, isFirst, logPrograms, expireTime, and dataPlaneRelay, allowing the reporting phase to send heartbeat status, controller policy, and relay data back to OrpheAgent in a single exchange.
- OrpheLink Route-to-Exit: Custom DNS and Subnet Delivery Path: The OrpheLink link workflow now supports a custom dns value alongside isRouteToExit and subnets in the link get, create, and edit APIs. During route-to-exit configuration, the UI can enable or disable Custom DNS, pass dns only when enabled, and keep dns and subnet data aligned through link responses and downstream node or site synchronization. When a link is deleted, dns is cleared on the affected device. Each link creation also persists per-neighbor route subnet records so that subnet data survives across subsequent non-route-to-exit link edits.
- OrpheLink Editing Flow: Clearer Overview, Site, and Link Stages: The OrpheLink management workflow now separates overview, site editing, and link editing into dedicated UI components, improving level-3 link operations while keeping link retrieval centered on linkGet and updates on linkCreate and linkEdit. Across these stages, the data flow consistently carries deviceID, neighborID, LAN selections, route-to-exit state, dns, and route subnet settings. The topology chart retains device positioning after save operations, and the hierarchy display reflects level relationships more accurately.
- OrpheLink Synchronization: Queue-Driven Node and Route Delivery: After link create, edit, delete, start, site create/edit, and node setting operations, the system now pushes all affected device IDs into the OrpheLink queue. The queue worker loads each device's expected route-subnet-to-exit list and compares it against the current state on the OrpheAgent side, sending a SetRouteSubnetToExit update only when the two diverge.
- Heartbeat Offline Detection: Simplified Time-Based Threshold: The background heartbeat check now uses a fixed 45-second time-based offline threshold instead of a counter-based cache. When a device's last heartbeat timestamp exceeds the timeout, the system pings the device before marking it offline, replacing the previous multi-cycle counting and per-device cache logic.
- P2P Tunnel v1.0.8: QUIC Session Recovery Is Faster After Idle Periods: The QUIC transport path now uses a shorter idle timeout, allowing stale P2P sessions to be recycled sooner after inactivity. This improves responsiveness when the connection path needs to recover or be re-established after temporary interruption.
- P2P Tunnel v1.0.8: License Lock Signaling No Longer Interrupts Forwarding: When tunnel traffic matches an ignoreIPs item configured for license lock, p2pTun now sends a lock control-plane message with the matched peer context through /controlplane/v1/leave while continuing normal packet forwarding. This allows the remote OrpheAgent to enter the license lock state without interrupting ongoing data transmission.
Bug Fixes
- Fixed Cleanup of Related Records During Device Deletion: The device deletion flow now removes related OrpheLink links, route-to-exit subnet records, assigned subnet IPs, traffic records, services, port forwardings, ACL items and ACL groups, DHCP, WAN, LAN, client, and agent network records in one cleanup path before deleting the heartbeat entry itself, reducing leftover state after device removal or Leave Controller operations.
- Fixed Route-to-Exit Subnet Persistence During Link Editing: OrpheLink link editing now preserves per-neighbor route subnet records for links that are not currently set as route-to-exit, carrying forward previously stored subnets instead of clearing them. This prevents subnet data loss when operators toggle route-to-exit off on one link and later re-enable it.
- Fixed Over-Broad OrpheLink Synchronization During Node, Site, and Link Updates: OrpheLink node setting, site edit, and link edit flows now compute the actual changed nodes or links first and then send dataplane node or neighbor updates only to the affected devices. The synchronization path also normalizes empty site names and the Ungroup label to the same value, preventing unchanged ungrouped devices from being misdetected as modified and receiving unnecessary neighbor or route-to-exit updates.
- Fixed Log List Pagination for First-Page Requests: The log list endpoint now uses cursor-based pagination for default first-page requests, falling back to offset-based pagination only for explicit non-first-page jumps without a cursor, improving first-page response times.
- Fixed Provision Key Label and Layout: The Provision footer now displays "Provision Key" instead of "Key" and uses improved alignment and spacing for the optional key input area.
Version 1.0.5
Release Date: March 6, 2026
New Features
- DeviceListByIP API: Added a new API endpoint (
GET /api/v2/inventory/listbyip) that allows devices to identify their associated account via VPN IP and retrieve the complete device list with SD-WAN Peer IDs under that account. This API is restricted to Trusted Source IP access only. - SD-WAN Node Device Information: Added
DeviceNameandOSfields to SD-WAN Node models, enabling nodes within the SD-WAN network to identify each other's device name and operating system. - Configuration-driven Ignore IP Notification (P2P Tunnel v1.0.6): When the Stream Handler receives a packet with a Source IP found in the ignore list, the system proactively sends a control message through the tunnel to notify the OrpheAgent to go offline and clear its configuration data.
Enhancements
- Default Device Model Name: Devices now default to the model name "OrpheAgent" to prevent display anomalies in the Inventory device list after a successful Provision.
- Log Page: Go-to-Page Jump: Added a direct page number input field on the Log page, allowing users to jump to any page instantly rather than clicking through page-by-page.
- Stream Handler: Source IP Validation Before Control Message Dispatch (P2P Tunnel v1.0.7): When the Stream Handler detects a source IP in the ignore list, the system now validates the source IP before proactively sending a control message instructing OrpheAgent to disconnect, preventing erroneous message delivery.
- Stream Handler: Leave Controller vs. License Lock Classification: When a source IP in the ignore list is detected, the system now determines whether the device has been removed via Leave Controller or has a locked license before dispatching the appropriate control message.
- Improved pgAdmin Security: Restricted the pgAdmin port binding to localhost only, reducing unnecessary external exposure.
- Updated P2P Circuit Relay Configuration: Removed hardcoded IP addresses and outdated node entries from
profile/profile.jsonP2P.CircuitRelayServerAddrs, keeping relay configuration up to date. - Traefik Cert Service Dependency: Added a
depends_onconfiguration indocker-compose.yamlrequiring thecertservice to complete before Traefik starts, ensuring TLS certificates are ready prior to ingress initialization. - Improved Provision Stability and Observability: Enhanced Provision flow reliability and added observable state feedback. Removed the full-page blocking overlay from the frontend. The Discovery process is now automatically stopped and the WebSocket connection is properly closed when the user leaves the Provision page.
- Batch Leave OrpheLink in Inventory: Added a Batch Leave OrpheLink button to the Inventory interface, allowing users to select multiple devices and execute Leave in a single action, significantly simplifying the management workflow.
Bug Fixes
- Fixed VPN IP Ignore List Misclassification: Corrected a classification error in the VPN IP ignore list logic where IPs for deleted devices and expired licenses were assigned to the wrong category, which could cause abnormal behavior during re-registration or connection restriction.
- Fixed Provisioned Devices Disappearing from Discovery List: Resolved an issue where devices that completed or encountered an error during Provision were incorrectly removed from the Provision Device List. Devices with a Completed status or an error message are now retained in the list. Additionally, completed devices no longer display a selection checkbox.
- Fixed Log Page Date Filter Condition: Corrected an abnormal filter condition in the Log page date range query that produced incorrect results.
OrpheLink v1.0.3
Release Date: 2025/10/27
Bug Fixes
- Fixed an issue where, after cookie expiration, the user is redirected to the login page, but still sees a "no permission" error after logging in.
- Fixed a bug where a notification would be triggered multiple times upon successful device takeover.
- Fixed an issue where Provision would display an invalid notification.
- Fixed an issue where company administrators could not see other user accounts under Settings > Account.
- Fixed an issue where Admin users could not view OrpheLink connection statuses of other companies on the Dashboard.
Enhancements
- Added an option for Admin users to view logs from other companies on the Log page.
- On the Dashboard, Admin users can now see the source company of each device status.
