MikroTik RouterOS 6.41.x (Stable)
(перенаправлено с «Изменения в RouterOS:Release 6.41.x»)
Подробное описание изменений в MikroTik RouterOS 6.41.x (Stable). Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 22 декабря 2017, дата выхода последнего набора изменений – 5 апреля 2018.
Полезные материалы по MikroTik
Углубленный курс "Администрирование сетевых устройств MikroTik" Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь
MikroTik RouterOS 6.41.4
Дата выхода: 5 апреля 2018
Важные изменения:
- tile - improved overall system performance and stability ("/system routerboard upgrade" required);
Изменения:
- led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
- led - removed unused "link-act-led" trigger for devices which does not use it;
- netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
- poe - do not show "poe-out-current" on devices which can not determine it;
- poe - hide PoE related properties on interfaces which does not provide power output;
- winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
- winbox - show dual SIM options only for RouterBOARDs which does have two SIM slots;
- winbox - use proper graph name for HDD graphs;
- wireless - enable all chains by default on devices without external antennas after configuration reset.
MikroTik RouterOS 6.41.3
Дата выхода: 8 марта 2018
Важные изменения:
- smb - fixed buffer overflow vulnerability, everyone using this feature is urged to upgrade;
- tile - improved overall system performance and stability ("/system routerboard upgrade" required);
Изменения:
- chr - automatically generate new system ID on first startup;
- console - do not allow variables that start with digit to be referenced without "$" sign;
- defconf - fixed DISC Lite5 LED default configuration;
- export - fixed "/system routerboard mode-button" compact export;
- filesystem - improved error correction process on RB1100AHx4 storage;
- firewall - fixed "tls-host" firewall feature (introduced in v6.41);
- gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
- lte - fixed r11-LTE-US interface initialization process after reboot;
- romon - make "secret" field sensitive in console;
- smb - improved NetBIOS name handling and stability;
- snmp - fixed w60g SSID value;
- tile - fixed bogus voltage readings;
- tr069-client - fixed TR069 service becoming unavailable when related service package is not available;
- usb - improved packet processing over USB modems;
- winbox - fixed "/tool e-mail send" attachment behavior;
- winbox - fixed maximal ID for Traffic Generator stream;
- winbox - removed "Enable" and "Disable" buttons from IPsec "mode-config" list;
- winbox - show "D" flag under "/ip dhcp-client" menu;
- wireless - removed unused "/interface wireless registration-table monitor" command.
MikroTik RouterOS 6.41.2
Дата выхода: 6 февраля 2018
Изменения:
- bridge - fixed ARP settings on bridge interfaces (introduced v6.41);
- discovery - fixed discovery interface list change;
- disk - fixed disk related processes becoming unresponsive after unplugging used disk;
- filesystem - fixed situations when "/flash" directory lost files after upgrade;
- ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
- routerboard - properly report warnings under "/system routerboard" menu;
- snmp - added w60g support;
- w60g - fixed "/interface w60g reset-configuration";
- webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
- winbox - changed default bridge port PVID value to 1;
- wireless - fixed wireless protocol mode restrictions if lockpack is installed and has limits for it.
MikroTik RouterOS 6.41.1
Дата выхода: 30 января 2018
Изменения:
- bridge - fixed "mst-override" export;
- bridge - fixed allowed MSTI priority values;
- bridge - fixed ARP option changing on bridge (introduced v6.41);
- bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
- bridge - fixed hw-offload disabling when adding a port with "horizon" set;
- bridge - fixed IGMP Snooping after disabling/enabling bridge;
- bridge - fixed interface list moving in "/interface bridge port" menu;
- bridge - fixed repetitive port "priority" set;
- bridge - fixed situation when packet could be sent with local MAC as dst-mac;
- bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
- bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
- btest - fixed TCP test accuracy when low TX/RX rates are used;
- certificate - do not use utf8 for SCEP challenge password;
- certificate - fixed PKCS#10 version;
- crs317 - improved transmit performance between 10G and 1G ports;
- crs326 - fixed possible packet leaking from CPU to switch ports;
- crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
- detnet - additional work on "detect-internet" implementation;
- dhcpv4-server - fixed framed and classless route received from RADIUS server;
- discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
- dude - fixed e-mail notifications when default port is not used;
- firewall - fixed "tls-host" firewall feature (introduced v6.41);
- firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
- ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
- ike2 - delay rekeyed peer outbound SA installation;
- ike2 - improve half-open connection handling;
- ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
- log - properly report bridge interface MAC address changes;
- netinstall - improved LTE package description;
- netinstall - properly generate skins folder when branding package is installed;
- ovpn - fixed resource leak on systems with high CPU usage;
- ppp - changed default value of "route-distance" to 1;
- ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
- radius - added warning if PPP authentication over RADIUS is enabled;
- radius - increase allowed RADIUS server timeout to 60s;
- rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
- rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
- routerboot - fixed missing upgrade firmware for "ar7240" devices;
- sfp - improved SFP module compatibility;
- snmp - allow also IPv6 on default public community;
- tile - fixed USB device speed detection after reboot;
- traffic-flow - do not count single extra packet per each flow;
- webfig - added support for proper default policies when adding script or scheduler job;
- webfig - fixed bridge port sorting order by name;
- webfig - fixed MAC address ordering;
- webfig - fixed wireless snooper address, SSID and other column ordering;
- winbox - added "dhcp-option-set" to DHCP server;
- winbox - allow to specify "to-ports" for "action=masquerade";
- winbox - do not show "hw" option on non-Ethernet interfaces;
- winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
- wireless - updated "Czech Republic" country 5.8 GHz frequency range.
MikroTik RouterOS 6.41
Дата выхода: 22 декабря 2017
Важные примечания:
- RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
- This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
- Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
- The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
- Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
Важные изменения:
- bridge - implemented software based vlan-aware bridges; https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
- switch - "master-port" conversion into a bridge with hardware offload "hw" option; https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
- detnet - implemented "/interface detect-internet" feature; https://wiki.mikrotik.com/wiki/Manual:Detect_internet
- bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
- routerboot - RouterBOOT version numbering system merged with RouterOS;
- w60g - added Point to Multipoint support;
- w60g - revised "master" and "slave" interface modes to more familiar "bridge", "ap-bridge", "station-bridge";
- wireless - new driver with initial support for 160 and 80+80 MHz channel width.
Изменения:
- arm - minor improvements on CPU load distribution for RB1100 series devices;
- arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
- bgp - added 32-bit private ASN support;
- bridge - added comment support for VLANs;
- bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
- bridge - added support for "/interface list" as a bridge port;
- bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
- bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
- bridge - changed "Host" and "MDB" table column order;
- bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
- bridge - fixed "fast-forward" counters;
- bridge - fixed ARP setting (introduced in v6.40rc36);
- bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
- bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
- bridge - fixed multicast forwarding (introduced in v6.40rc36);
- bridge - implemented dynamic entries for active MST port overrides;
- bridge - implemented software based "igmp-snooping";
- bridge - implemented software based MSTP;
- bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
- bridge - set "igmp-snooping=no" by default on new bridges;
- bridge - show "admin-mac" only if "auto-mac=no";
- bridge - show bridge interface local addresses in the host table;
- btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
- capsman - added "vlan-mode=no-tag" option;
- capsman - added possibility to downgrade CAP with Upgrade command from CAPsMAN;
- capsman - return complete CA chain when issuing new certificate;
- capsman - use "adaptive-noise-immunity" value from CAP local configuration;
- certificate - added option to store CRL in RAM (CLI only);
- certificate - fixed SCEP "get" request URL encoding;
- certificate - improved CRL update after system startup;
- certificate - show "Expired" flag when initial CRL fetch fails;
- certificate - show invalid flag when local CRL file does not exist;
- chr - added KVM memory balloon support;
- chr - added suspend support;
- console - do not stop "/certificate sign" process if console times out in 1 minute;
- console - removed "/setup";
- crs317 - added initial support for HW offloaded MPLS forwarding;
- crs317 - fixed reliability on FAN controller;
- crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
- crs326 - improved transmit performance from SFP+ to Ethernet ports;
- crs3xx - added ingress/egress rate input limits;
- crs3xx - hide unused switch "vlan-mode", "vlan-header-mode" and "default-vlan-id" options;
- crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
- dhcp - fixed DHCP services failing after reboot when DHCP option was used;
- dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
- dhcp - require DHCP option name to be unique;
- dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
- dhcp-server - added "option-set" argument (CLI only);
- dhcp-server - added basic RADIUS accounting;
- dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
- dhcpv4-client - allow to use DUID for client as identity string as the option 61;
- dhcpv4-server - added "NETWORK_GATEWAY" option variable;
- dhcpv4-server - strip trailing "\0" in "hostname" if present;
- discovery - use "/interface list" instead of interface name under neighbor discovery settings;
- e-mail - do not show errors when sending e-mail from script;
- eoip - made L2MTU parameter read-only;
- ethernet - removed "master-port" parameter;
- export - fixed interface list export;
- fetch - accept all HTTP 2xx status codes;
- filesystem - implemented additional system integrity checks on reboots;
- firewall - added "tls-host" firewall matcher;
- health - fixed bogus voltage readings on CCR1009;
- hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
- hotspot - fixed Walled Garden IP functionality when address-list is used;
- ike1 - DPD retry interval set to 5 seconds;
- ike1 - disallow peer creation using base mode;
- ike1 - fixed crash on xauth if user does not exist;
- ike1 - fixed memory corruption when IPv6 is used;
- ike1 - improved stability on phase1 rekeying;
- ike1 - release mismatched PH2 peer IDs;
- ike1 - use /32 netmask if none provided by mode config;
- ike2 - added support for multiple split networks;
- ike2 - check identities on "initial-contact";
- ike2 - do not allow to configure nat-traversal;
- ike2 - fixed PH1 lifetime reset on boot;
- ike2 - fixed initiator DDoS cookie processing;
- ike2 - fixed responder DDoS cookie first notify type check;
- ike2 - kill connection when peer changes address;
- ike2 - use peer configuration address when available on empty TSi;
- interface - added "/interface reset-counters" command (CLI only);
- interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
- interface - added option to join and exclude "/interface list" from one and another;
- interface - fixed corrupted "/interface list" configuration after upgrade;
- ippool6 - try to assign desired prefix for client if prefix is not being already used;
- ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
- ipsec - allow to specify "remote-peer" address as DNS name;
- ipsec - fixed incorrect esp proposal key size usage;
- ipsec - fixed policy enable/disable;
- ipsec - improved hardware accelerated IPSec performance on 750Gr3;
- ipsec - improved reliability on certificate usage;
- ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
- ipsec - skip invalid policies for phase2;
- ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
- l2tp - improved reliability on packet processing in FastPath;
- l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
- lcd - fixed "flip-screen=yes" state after reboot;
- log - added "bridge" topic;
- log - fixed interface name in log messages;
- log - optimized "poe-out" logging topic logs;
- lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
- lte - added Passthrough support;
- lte - added Yota non-configurable modem support;
- lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
- lte - automatically add "/ip dhcp-client" configuration on interface;
- lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
- lte - fixed Passthrough support;
- lte - fixed authentication for non LTE modes;
- lte - fixed error when trying to add APN profile without name;
- lte - fixed rare crash when initializing LTE modem after reset;
- lte - fixed user authentication for R11e-LTE when new firmware is used;
- lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
- lte - limited minimal default route distance to 1;
- lte - update info command with "location area code" and "physical cell id" values;
- m11g - improved ethernet performance on high load;
- mac-server - use "/interface list" instead of interface name under MAC server settings;
- modem - added initial support for Alcatel IK40 and Olicard 500;
- neighbor - show neighbors on actual bridge port instead of bridge itself
- netinstall - fixed missing "/flash/etc" on first bootup;
- netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
- ospf - fixed OSPF v2 and v3 neighbor election;
- ovpn-server - do not periodically change automatically generated server MAC address;
- poe - added new "poe-out" status "controller-error";
- poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
- poe - log PoE status related messages under debug topic;
- ppp - added initial support for PLE902;
- ppp - added support for Sierra MC7750, Verizon USB730L;
- ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
- ppp - fixed "change-mss" functionality when MSS option is missing on forwrded packets;
- ppp - fixed L2TP and PPTP encryption negotiation process on configuration changes;
- ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
- pppoe-client - properly re-establish MLPPP session when one of the lines stopped transmitting packets;
- pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
- quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
- quickset - fixed LTE quickset mode APN field;
- quickset - fixed situation when Quickset automatically changes mode to CPE;
- quickset - renamed router IP static DNS name to "router.lan";
- radius - limited RADIUS timeout maximum value to 3 seconds;
- route - fixed potential route crash on routing table update;
- scheduler - properly display long scheduler configuration;
- sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
- sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
- sms - fixed minor problem for SMS delivery;
- sms - log decoded USSD responses;
- snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
- snmp - fixed bridge host requests on devices with multiple bridge interfaces;
- snmp - fixed bulk requests when non-repeaters are used;
- snmp - fixed consecutive OID bulk get from the same table;
- snmp - show only available OIDs under "/system health print oid";
- ssh - do not use DH group1 with strong-crypto enabled;
- ssh - enforced 2048bit DH group on tile and x86 architectures;
- system - show USB topology for the device info;
- tile - improved hardware encryption processes;
- tr069-client - fixed "/interface lte apn" configuration parameters;
- traceroute - improved "/tool traceroute" results processing;
- upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
- upnp - deny UPnP request if port is already used by the router;
- ups - fixed duplicate "failed" UPS logs;
- userman - allow to generate more than 999 users;
- w60g - added "put-stations-in-bridge" and "isolate-stations" options to manage connected clients;
- w60g - connected stations are treated as separate interfaces;
- webfig - added favicon file;
- webfig - fixed router getting reset to default configuration;
- webfig - fixed terminal graphic user interface under Safari browser;
- winbox - added "W60G station" tab in Wireless menu;
- winbox - added "notrack-chain" setting to IPSec peers;
- winbox - added support for "_" symbol in terminal window;
- winbox - added switch menu on RB1100AHx4;
- winbox - do not show MetaROUTER stuff on RB1100AHx4;
- winbox - do not show duplicate "Switch" menus for CRS326;
- winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
- winbox - do not show duplicate filter parameters "Published" in ARP list;
- winbox - do not show unnecessary tabs from "Switch" menu;
- winbox - fixed "/certificate sign" process;
- winbox - fixed bridge port sorting order by interface name;
- winbox - show warnings under "/system routerboard settings" menu;
- wireless - added "allow-signal-out-off-range" option for Access List entries;
- wireless - added "indonesia3" regulatory domain information;
- wireless - added passive scan option for wireless scan mode;
- wireless - added support for CHARGEABLE_USER_ID in EAP Accounting;
- wireless - check APs against connect-list rules starting with strongest signal;
- wireless - do not show background scan frequencies in the monitor command channel field;
- wireless - improved reliability on "rx-rate" selection process;
- wireless - increased the EAP message retransmit count;
- wireless - log "signal-strength" when successfully connected to AP;
- wireless - pass interface MAC address in Sniffer TZSP frames;
- wireless - updated "UK 5.8 Fixed" and "Australia" country data;
- wireless - updated "united kingdom" regulatory domain information.
Полезные материалы по MikroTik
Углубленный курс "Администрирование сетевых устройств MikroTik" Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь