MikroTik RouterOS 6.40.x (Stable)
(перенаправлено с «Изменения в RouterOS:Release 6.40.x»)
Подробное описание изменений в MikroTik RouterOS 6.40.x (Stable). Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 21 июля 2017, дата выхода последнего набора изменений – 31 октября 2017.
Полезные материалы по MikroTik
Углубленный курс "Администрирование сетевых устройств MikroTik" Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь
MikroTik RouterOS 6.40.5
Дата выхода: 31 октября 2017
Изменения:
- certificate - fixed import of certificates with empty SKID;
- crs3xx - fixed 100% CPU usage after interface related changes;
- firewall - do not NAT address to 0.0.0.0 after reboot if to-address is used but not specified;
- ike1 - fixed crash after downgrade if DH groups 19,20,21 were used for phase1;
- ike1 - fixed RSA authentication for Windows clients behind NAT;
- ipsec - fixed lost value for "remote-certificate" parameter after disable/enable;
- ipv6 - fixed IPv6 addresses constructed from prefix and static address entry;
- log - properly recognize MikroTik specific RADIUS attributes;
- lte - do not reset modem when it is not possible to access SMS storage;
- lte - fixed modem initialization after reboot;
- lte - fixed PIN option after setting up the band;
- sms - include time stamps in SMS delivery reports;
- sms - properly initialize SMS storage;
- snmp - fixed "/system license" parameters for CHR;
- winbox - allow shorten bytes to k,M,G in Hotspot user limits;
- wireless - fixed rate selection process when "rate-set=configured" and NV2 protocol is used.
MikroTik RouterOS 6.40.4
Дата выхода: 2 октября 2017
Изменения:
- address - show warning on IPv6 address when acquire from pool has failed;
- arp - properly update dynamic ARP entries after interface related changes;
- crs1xx/2xx - fixed 1 Gbps forced mode for several SFP modules;
- crs317 - added L2MTU support;
- crs3xx - improved packet processing in slowpath;
- defconf - fixed RouterOS default configuration (introduced in v6.40.3);
- dhcp - fixed downgrade from RouterOS v6.41 or higher;
- dhcpv6 client - added IAID check in reply;
- dhcpv6-client - fixed IA check on solicit when "rapid-commit" is enabled;
- dhcpv6-client - ignore unknown IA;
- dhcpv6-client - require pool name to be unique;
- e-mail - auto complete file name on "file" parameter (introduced in v6.40);
- export - fixed wireless "ssid" and "supplicant-identity" compact export;
- hotspot - fixed missing "/ip hotspot server profile" if invalid "dns-name" was specified;
- hotspot - improved user statistics collection process;
- ike1 - remove PH1 and PH2 when "mode-config" exchange fails;
- ipsec - kill PH1 on "mode-config" address failure;
- ipv6 - fixed IPv6 address request from pool;
- lte - fixed modem initialization after reboot;
- ntp-client - properly start NTP client after reboot if manual server IP is not configured;
- rb931-2nd - fixed startup problems (requires additional reboot after upgrade);
- routerboard - fixed "/system routerboard upgrade" for CRS212-8G-4S;
- sfp - fixed OPTON module DDM information readings;
- sfp - fixed temperature readings for various SFP modules;
- snmp - fixed "/caps-man registration-table" uptime values;
- snmp - fixed "/system license" parameters for CHR;
- tile - improved reliability on MPLS package processing;
- userman - fixed unresponsive RADIUS server (introduced in v6.40.3);
- vlan - do not allow VLAN MTU to be higher than L2MTU;
- webfig - improved reliability of login process;
- wireless - added "etsi1" regulatory domain information;
- wireless - improved WPA2 key exchange reliability;
- wireless - updated "norway" regulatory domain information.
MikroTik RouterOS 6.40.3
Дата выхода: 1 сентября 2017
Изменения:
- dhcpv6-server - do not release address of static binding from pool after server removal;
- export - fixed "/system routerboard" export (introduced in 6.40.1);
- export - fixed export for PoE-OUT related settings;
- ike1 - fixed initiator ID comparison to NAT-OA;
- led - fixed "on" and "off" triggers when multiple LEDs are selected;
- led - fixed RB711UA ether1 LED (introduced in v6.38rc16);
- lte - do not show USB LTE modem under "/port" menu;
- lte - fixed ethernet flap when LTE establishes connection;
- lte - fixed SXT LTE graphs in QuickSet;
- lte - improved reliability of USB LTE modems;
- poe-out - fixed router reboot after "poe-out-status" changes;
- rb1100ahx4 - fixed HW acceleration fragmented packet decryption when fragment is smaller than 64 bytes;
- rb750gr3 - show warning and do not allow to use "protected-bootloader" feature if "factory-firmware" older than 3.34.4 version;
- routerboard - added "mode-button" support for RB750Gr3 (CLI only);
- ssh - do not execute command if it starts with "-" symbol;
- traffic-flow - fixed reboots when IPv6 address has been set as target address without active IPv6 package;
- userman - fixed "limitation" and "profile-limitation" update;
- userman - fixed CoA packet processing after changes in "/tool user-manager router" configuration;
- webfig - allow to open table entry even if table is not sorted by # (introduced in v6.40);
- webfig - allow to unset "rate-limit" for DHCP leases;
- winbox - added possibility to define "comment" for "/routing bgp network" entries;
- winbox - do not show FAN related information under "/system health" menu for devices which does not have it;
- winbox - do not show LCD menu for devices which does not have it;
- winbox - fixed ARP table update after entry changes state to incomplete;
- wireless - added "russia3" country settings;
- wireless - added New Zealand regulatory domain information for P2P links;
- wireless - updated China and New Zealand regulatory domain information;
- www - fixed unresponsive Web services (introduced in v6.40).
MikroTik RouterOS 6.40.2
Дата выхода: 8 августа 2017
Изменения:
- dhcpv6-client - fixed IA evaluation order;
- led - fixed "modem-signal" LEDs (introduced in 6.40);
- pppoe-client - fixed wrong MRU detection over VLAN interfaces;
- rb2011 - fixed possible LCD blinking along with ethernet LED (introduced in 6.40);
- sfp - fixed invalid temperature readings when ambient temperature is below 0C;
- winbox - added certificate settings;
- winbox - added support for certificate CRL list;
- winbox - do not show LCD menu for devices which does not have it;
- winbox - hide "level" and "tunnel" parameters for IPSec policy templates;
- winbox - hide FAN speed if it is 0RPM.
MikroTik RouterOS 6.40.1
Дата выхода: 3 августа 2017
Изменения:
- bonding - improved reliability on bonding interface removal;
- chr - fixed false warnings on upgrade reboots;
- dhcpv6-client - do not run DHCPv6 client when IPv6 package is disabled;
- export - fixed export for different parameters where numerical range or constant string is expected;
- firewall - properly remove "address-list" entry after timeout ends;
- interface - improved interface state change handling when multiple interfaces are affected at the same time;
- lte - fixed LTE not passing any traffic while in running state;
- ovpn-client - fixed incorrect netmask usage for pushed routes (introduced in 6.40);
- pppoe-client - fixed incorrectly formed PADT packet;
- rb2011 - fixed possible LCD blinking along with ethernet LED (introduced in 6.40);
- rb922 - restored missing wireless interface on some boards;
- torch - fixed Torch on PPP tunnels (introduced in 6.40);
- trafficgen - fixed "lost-ratio" showing incorrect statistics after multiple sequences;
- winbox - added "none-dynamic" and "none-static" options for "address-list-timeout" parameter under NAT, Mangle and RAW rules.
MikroTik RouterOS v6.40
Дата выхода: 21 июля 2017
Важные изменения:
- lte - added initial fastpath support (except SXT LTE and Sierra modems);
- lte - added initial support for passthrough mode for lte modems that supports fastpath;
- wireless - added Nv2 AP synchronization feature "nv2-modes" and "nv2-sync-secret" option.
Изменения:
- bonding - fixed 802.3ad mode on RB1100AHx4;
- btest - fixed crash when packet size has been changed during test;
- capsman - added "current-registered-clients" and "current-authorized-clients" count for CAP interfaces;
- capsman - fixed EAP identity reporting in "registration-table";
- capsman - set minimal "caps-man-names" and "caps-man-certificate-common-names" length to 1 char;
- certificate - added "crl-use" setting to disable CRL use (CLI only);
- certificate - update and reload old certificate with new one if SKID matches;
- chr - fixed MAC address assignment when hot plugging NIC on XenServer;
- chr - maximal system disk size now limited to 16GB;
- conntrack - fixed IPv6 connection tracking enable/disable;
- console - fixed different command auto complete on ;
- crs212 - fixed Optech sfp-10G-tx module compatibility with SFP ports;
- defconf - added IPv6 default firewall configuration (IPv6 package must be enabled on reset);
- defconf - improved IPv4 default firewall configuration;
- defconf - renamed 192.168.88.1 address static DNS entry from "router" to "router.lan";
- dhcp - added "debug" logs on MAC address change;
- dhcpv4-client - added "gateway-address" script parameter;
- dhcpv4-server - fixed lease renew for DHCP clients that sends renewal with "ciaddr = 0.0.0.0";
- dhcpv4-server - fixed server state on interface change in Winbox and Webfig;
- discovery - fixed timeouts for LLDP neighbours;
- dns - remove all dynamic cache RRs of same type when adding static entry;
- dude - fixed server crash;
- email - added support for multiple attachments;
- ethernet - fixed occasional broken interface order after reset/first boot;
- ethernet - fixed rare linking problem with forced 10Mbps full-duplex mode;
- export - added "terse" option;
- export - added default "init-delay" setting for "/routerboard settings" menu;
- export - added router model and serial number to configuration export;
- export - fixed "/interface list" verbose export;
- export - fixed "/ipv6 route" compact export;
- export - fixed MPLS "dynamic-label-range" export;
- export - fixed SNMP "src-address" for compact export;
- fastpath - improved performance when packets for slowpath are received;
- fastpath - improved process of removing dynamic interfaces;
- fasttrack - fixed fasttrack over interfaces with dynamic MAC address;
- fetch - added "src-address" parameter for HTTP and HTTPS;
- filesystem - improved error correcting process on tilera and RB1100AHx4 storage;
- firewall - added "none-dynamic" and "none-static" options for "address-list-timeout" parameter;
- firewall - fixed bridge "action=log" rules;
- firewall - fixed cosmetic "inactive" flag when item was disabled;
- firewall - fixed crash on fasttrack dummy rule manual change attempt;
- firewall - removed unique address list name limit;
- hAP ac lite - removed nonexistent "wlan-led";
- hotspot - added "address-list" support in "walled-garden" IP section;
- hotspot - require "dns-name" to contain "." symbol under Hotspot Server Profile configuration;
- ike1 - added log error message if netmask was not provided by "mode-config" server;
- ike1 - added support for "framed-pool" RADIUS attribute;
- ike1 - create tunnel policy when no split net provided;
- ike1 - fixed minor memory leak on peer configuration change;
- ike1 - kill phase1 instead of rekey if "mode-config" is used;
- ike1 - removed SAs on DPD;
- ike1 - send phase1 delete;
- ike1 - wait for cfg set reply before ph2 creation with xAuth;
- ike2 - added RADIUS attributes "Framed-Pool", "Framed-Ip-Address", "Framed-Ip-Netmask";
- ike2 - added pfkey kernel return checks;
- ike2 - added support for "Mikrotik_Address_List" RADIUS attribute;
- ike2 - added support for "mode-config" static address;
- ike2 - by default use "/24" netmask for peer IP address in split net;
- ike2 - fixed duplicate policy checking with "0.0.0.0/0" policies;
- ike2 - prefer traffic selector with "mode-config" address;
- ipsec - added "firewall=add-notrack" peer option (CLI only);
- ipsec - added information in console XML for "mode-config" menu;
- ipsec - added support for "key-id" peer identification type;
- ipsec - allow to specify chain in "firewall" peer option;
- ipsec - do not deduct "dst-address" from "sa-dst-address" for "/0" policies;
- ipsec - enabled modp2048 DH group by default;
- ipsec - fixed connections cleanup on policy or proposal modification;
- ipsec - optimized logging under IPSec topic;
- ipsec - removed policy priority;
- l2tp - fixed handling of pre-authenticated L2TP sessions with CHAP authentication;
- l2tp-server - added "one-session-per-host" option;
- log - added "poe-out" topic;
- log - improved "l2tp" logs;
- log - optimized "wireless,info" topic logs;
- log - work on false CPU/RAM overclocked alarms;
- lte - added "accounting" logs for LTE connections;
- lte - added info command support for the Jaton LTE modem;
- lte - added initial support for "NTT DoCoMo" modem;
- lte - added support for Huawei E3531-6;
- lte - added support for ZTE TE W120;
- lte - fixed info command when it is executed at the same time as modem restarts/disconnects;
- lte - improved SMS delivery report;
- lte - improved reliability on SXT LTE;
- metarouter - fixed display of bogus error message on startup;
- mmips - added support for NVME disks;
- ovpn - added support for "push-continuation";
- ovpn - added support for topology subnet for IP mode;
- ovpn - fixed duplicate default gateway presence when receiving extra routes;
- ovpn - improved performance when receiving too many options;
- packages - increased automatic download retry interval to 5 minutes if there is no free disk space;
- ping - fixed ping getting stuck (after several thousands of ping attempts);
- ppp - added initial support for ZTE K4203-Z and ME3630-E;
- ppp - added output values for "info" command for finding the GSM base station's location ("LAC" and "IMSI");
- ppp - fixed "user-command" output;
- ppp - fixed non-standart PAP or CHAP packet handling;
- ppp - improved MLPPP packet forwarding performance;
- ppp - use interface name instead of IP as default route gateway;
- proxy - fixed potential crash;
- proxy - fixed rare program crash after closing client connection;
- quickset - added "Band" setting to "CPE" and "PTP CPE" modes;
- quickset - added special firewall exception rules for IPSec;
- quickset - fixed incorrect VPN address value on arm and tilera;
- quickset - simplified LTE status monitoring;
- quickset - use active user name and permissions when applying changes;
- rb1100ahx4 - fixed startup problems (requires additional reboot after upgrade);
- rb3011 - fixed packet passthrough on switch2 while booting;
- rb750gr3 - fixed USB power;
- routerboard - added "caps-mode" option for "reset-configuration";
- routerboard - added "caps-mode-script" for default-configuration print;
- routing - allow to disable "all" interface entry in BFD;
- safe-mode - fixed session handling when Safe Mode is used on multiple sessions at the same time;
- sfp - fixed invalid temperature reporting when ambient temperature is less than 0;
- sms - decode reports in readable format;
- sniffer - do not skip L2 packets when "all" interface mode was used;
- snmp - added "ifindex" on interface traps;
- snmp - added CAPsMAN interface statistics;
- snmp - added ability to set "src-address";
- snmp - fixed "/system resource cpu print oid" menu;
- snmp - fixed crash on interface table get;
- snmp - fixed wireless interface walk table id ordering;
- socks - fixed crash while processing many simultaneous sessions;
- ssl - added Wildcard support for "left-most" DNS label (will allow to use signed Wildcard certificate on VPN servers);
- supout - fixed IPv6 firewall section;
- switch - fixed "loop-protect" on CRS SFP/SFP+ ports;
- switch - fixed multicast forwarding on CRS326;
- tile - fixed copying large amount of text over serial console;
- tr069-client - fixed lost HTTP header on authorization;
- trafficgen - added "lost-ratio" to statistics;
- ups - show correct "line-voltage" value for usbhid UPS devices;
- userman - added "/tool user-manager user clear-profiles" command;
- userman - do not send disconnect request for user when "simultaneous session limit reached";
- userman - lookup language files also in "/flash" directory;
- vlan - do not delete existing VLAN interface on "failure: already have such vlan";
- webfig - fixed wireless "scan-list" parameter not being saved after applying changes;
- winbox - added "eap-identity" to CAPsMAN registration table;
- winbox - added "no-dad" setting to IPv6 addresses;
- winbox - added "reselect-channel" to CAPsMAN interfaces;
- winbox - added "session-uptime" to LTE interface;
- winbox - added TR069 support;
- winbox - do not autoscale graphs outside known maximums;
- winbox - fixed wireless interface "amsdu-threshold" max limit;
- winbox - hide LCD menu on CRS112-8G-4S;
- winbox - make IPSec policies table an order list;
- winbox - moved LTE info fields to status tab;
- winbox - show "/interface wireless cap print" warnings;
- winbox - show "/system health" only on boards that have health monitoring;
- winbox - show "D" flag under "/interface mesh port" menu;
- wireless - NAK any methods except MS-CHAPv2 as inner method in PEAP;
- wireless - added option to change "nv2-downlink-ratio" for nv2 protocol;
- wireless - added option to set "fixed-downlink" mode for nv2 protocol;
- wireless - allow VirutalAP on Level0 (24h demo) license;
- wireless - always use "multicast-helper" when DHCP is being used;
- wireless - do not skip >2462 channels if interface is WDS slave;
- wireless - fixed 802.11u wireless request processing;
- wireless - fixed EAP PEAP success processing;
- wireless - fixed compatibility with "AR5212" wireless chips;
- wireless - fixed rare crash on cap disable;
- wireless - fixed registration table "signal-strength" reporting for chains when using nv2.
Полезные материалы по MikroTik
Углубленный курс "Администрирование сетевых устройств MikroTik" Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь