MikroTik RouterOS 6.41.x (Stable)

Подробное описание изменений в MikroTik RouterOS 6.41.x (Stable). Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 22 декабря 2017, дата выхода последнего набора изменений – 5 апреля 2018.

Полезные материалы по MikroTik

Углубленный курс "Администрирование сетевых устройств MikroTik"
Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.

На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь

MikroTik RouterOS 6.41.4

Дата выхода: 5 апреля 2018

Важные изменения:

tile - improved overall system performance and stability ("/system routerboard upgrade" required);

Изменения:

led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
led - removed unused "link-act-led" trigger for devices which does not use it;
netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
poe - do not show "poe-out-current" on devices which can not determine it;
poe - hide PoE related properties on interfaces which does not provide power output;
winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
winbox - show dual SIM options only for RouterBOARDs which does have two SIM slots;
winbox - use proper graph name for HDD graphs;
wireless - enable all chains by default on devices without external antennas after configuration reset.

MikroTik RouterOS 6.41.3

Дата выхода: 8 марта 2018

Важные изменения:

smb - fixed buffer overflow vulnerability, everyone using this feature is urged to upgrade;
tile - improved overall system performance and stability ("/system routerboard upgrade" required);

Изменения:

chr - automatically generate new system ID on first startup;
console - do not allow variables that start with digit to be referenced without "$" sign;
defconf - fixed DISC Lite5 LED default configuration;
export - fixed "/system routerboard mode-button" compact export;
filesystem - improved error correction process on RB1100AHx4 storage;
firewall - fixed "tls-host" firewall feature (introduced in v6.41);
gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
lte - fixed r11-LTE-US interface initialization process after reboot;
romon - make "secret" field sensitive in console;
smb - improved NetBIOS name handling and stability;
snmp - fixed w60g SSID value;
tile - fixed bogus voltage readings;
tr069-client - fixed TR069 service becoming unavailable when related service package is not available;
usb - improved packet processing over USB modems;
winbox - fixed "/tool e-mail send" attachment behavior;
winbox - fixed maximal ID for Traffic Generator stream;
winbox - removed "Enable" and "Disable" buttons from IPsec "mode-config" list;
winbox - show "D" flag under "/ip dhcp-client" menu;
wireless - removed unused "/interface wireless registration-table monitor" command.

MikroTik RouterOS 6.41.2

Дата выхода: 6 февраля 2018

Изменения:

bridge - fixed ARP settings on bridge interfaces (introduced v6.41);
discovery - fixed discovery interface list change;
disk - fixed disk related processes becoming unresponsive after unplugging used disk;
filesystem - fixed situations when "/flash" directory lost files after upgrade;
ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
routerboard - properly report warnings under "/system routerboard" menu;
snmp - added w60g support;
w60g - fixed "/interface w60g reset-configuration";
webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
winbox - changed default bridge port PVID value to 1;
wireless - fixed wireless protocol mode restrictions if lockpack is installed and has limits for it.

MikroTik RouterOS 6.41.1

Дата выхода: 30 января 2018

Изменения:

bridge - fixed "mst-override" export;
bridge - fixed allowed MSTI priority values;
bridge - fixed ARP option changing on bridge (introduced v6.41);
bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
bridge - fixed hw-offload disabling when adding a port with "horizon" set;
bridge - fixed IGMP Snooping after disabling/enabling bridge;
bridge - fixed interface list moving in "/interface bridge port" menu;
bridge - fixed repetitive port "priority" set;
bridge - fixed situation when packet could be sent with local MAC as dst-mac;
bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
btest - fixed TCP test accuracy when low TX/RX rates are used;
certificate - do not use utf8 for SCEP challenge password;
certificate - fixed PKCS#10 version;
crs317 - improved transmit performance between 10G and 1G ports;
crs326 - fixed possible packet leaking from CPU to switch ports;
crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
detnet - additional work on "detect-internet" implementation;
dhcpv4-server - fixed framed and classless route received from RADIUS server;
discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
dude - fixed e-mail notifications when default port is not used;
firewall - fixed "tls-host" firewall feature (introduced v6.41);
firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
ike2 - delay rekeyed peer outbound SA installation;
ike2 - improve half-open connection handling;
ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
log - properly report bridge interface MAC address changes;
netinstall - improved LTE package description;
netinstall - properly generate skins folder when branding package is installed;
ovpn - fixed resource leak on systems with high CPU usage;
ppp - changed default value of "route-distance" to 1;
ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
radius - added warning if PPP authentication over RADIUS is enabled;
radius - increase allowed RADIUS server timeout to 60s;
rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
routerboot - fixed missing upgrade firmware for "ar7240" devices;
sfp - improved SFP module compatibility;
snmp - allow also IPv6 on default public community;
tile - fixed USB device speed detection after reboot;
traffic-flow - do not count single extra packet per each flow;
webfig - added support for proper default policies when adding script or scheduler job;
webfig - fixed bridge port sorting order by name;
webfig - fixed MAC address ordering;
webfig - fixed wireless snooper address, SSID and other column ordering;
winbox - added "dhcp-option-set" to DHCP server;
winbox - allow to specify "to-ports" for "action=masquerade";
winbox - do not show "hw" option on non-Ethernet interfaces;
winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
wireless - updated "Czech Republic" country 5.8 GHz frequency range.

MikroTik RouterOS 6.41

Дата выхода: 22 декабря 2017

Важные примечания:

RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Важные изменения:

bridge - implemented software based vlan-aware bridges; https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
switch - "master-port" conversion into a bridge with hardware offload "hw" option; https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
detnet - implemented "/interface detect-internet" feature; https://wiki.mikrotik.com/wiki/Manual:Detect_internet
bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
routerboot - RouterBOOT version numbering system merged with RouterOS;
w60g - added Point to Multipoint support;
w60g - revised "master" and "slave" interface modes to more familiar "bridge", "ap-bridge", "station-bridge";
wireless - new driver with initial support for 160 and 80+80 MHz channel width.

Изменения:

arm - minor improvements on CPU load distribution for RB1100 series devices;
arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
bgp - added 32-bit private ASN support;
bridge - added comment support for VLANs;
bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
bridge - added support for "/interface list" as a bridge port;
bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
bridge - changed "Host" and "MDB" table column order;
bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
bridge - fixed "fast-forward" counters;
bridge - fixed ARP setting (introduced in v6.40rc36);
bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
bridge - fixed multicast forwarding (introduced in v6.40rc36);
bridge - implemented dynamic entries for active MST port overrides;
bridge - implemented software based "igmp-snooping";
bridge - implemented software based MSTP;
bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
bridge - set "igmp-snooping=no" by default on new bridges;
bridge - show "admin-mac" only if "auto-mac=no";
bridge - show bridge interface local addresses in the host table;
btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
capsman - added "vlan-mode=no-tag" option;
capsman - added possibility to downgrade CAP with Upgrade command from CAPsMAN;
capsman - return complete CA chain when issuing new certificate;
capsman - use "adaptive-noise-immunity" value from CAP local configuration;
certificate - added option to store CRL in RAM (CLI only);
certificate - fixed SCEP "get" request URL encoding;
certificate - improved CRL update after system startup;
certificate - show "Expired" flag when initial CRL fetch fails;
certificate - show invalid flag when local CRL file does not exist;
chr - added KVM memory balloon support;
chr - added suspend support;
console - do not stop "/certificate sign" process if console times out in 1 minute;
console - removed "/setup";
crs317 - added initial support for HW offloaded MPLS forwarding;
crs317 - fixed reliability on FAN controller;
crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
crs326 - improved transmit performance from SFP+ to Ethernet ports;
crs3xx - added ingress/egress rate input limits;
crs3xx - hide unused switch "vlan-mode", "vlan-header-mode" and "default-vlan-id" options;
crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
dhcp - fixed DHCP services failing after reboot when DHCP option was used;
dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
dhcp - require DHCP option name to be unique;
dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
dhcp-server - added "option-set" argument (CLI only);
dhcp-server - added basic RADIUS accounting;
dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
dhcpv4-client - allow to use DUID for client as identity string as the option 61;
dhcpv4-server - added "NETWORK_GATEWAY" option variable;
dhcpv4-server - strip trailing "\0" in "hostname" if present;
discovery - use "/interface list" instead of interface name under neighbor discovery settings;
e-mail - do not show errors when sending e-mail from script;
eoip - made L2MTU parameter read-only;
ethernet - removed "master-port" parameter;
export - fixed interface list export;
fetch - accept all HTTP 2xx status codes;
filesystem - implemented additional system integrity checks on reboots;
firewall - added "tls-host" firewall matcher;
health - fixed bogus voltage readings on CCR1009;
hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
hotspot - fixed Walled Garden IP functionality when address-list is used;
ike1 - DPD retry interval set to 5 seconds;
ike1 - disallow peer creation using base mode;
ike1 - fixed crash on xauth if user does not exist;
ike1 - fixed memory corruption when IPv6 is used;
ike1 - improved stability on phase1 rekeying;
ike1 - release mismatched PH2 peer IDs;
ike1 - use /32 netmask if none provided by mode config;
ike2 - added support for multiple split networks;
ike2 - check identities on "initial-contact";
ike2 - do not allow to configure nat-traversal;
ike2 - fixed PH1 lifetime reset on boot;
ike2 - fixed initiator DDoS cookie processing;
ike2 - fixed responder DDoS cookie first notify type check;
ike2 - kill connection when peer changes address;
ike2 - use peer configuration address when available on empty TSi;
interface - added "/interface reset-counters" command (CLI only);
interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
interface - added option to join and exclude "/interface list" from one and another;
interface - fixed corrupted "/interface list" configuration after upgrade;
ippool6 - try to assign desired prefix for client if prefix is not being already used;
ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
ipsec - allow to specify "remote-peer" address as DNS name;
ipsec - fixed incorrect esp proposal key size usage;
ipsec - fixed policy enable/disable;
ipsec - improved hardware accelerated IPSec performance on 750Gr3;
ipsec - improved reliability on certificate usage;
ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
ipsec - skip invalid policies for phase2;
ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
l2tp - improved reliability on packet processing in FastPath;
l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
lcd - fixed "flip-screen=yes" state after reboot;
log - added "bridge" topic;
log - fixed interface name in log messages;
log - optimized "poe-out" logging topic logs;
lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
lte - added Passthrough support;
lte - added Yota non-configurable modem support;
lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
lte - automatically add "/ip dhcp-client" configuration on interface;
lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
lte - fixed Passthrough support;
lte - fixed authentication for non LTE modes;
lte - fixed error when trying to add APN profile without name;
lte - fixed rare crash when initializing LTE modem after reset;
lte - fixed user authentication for R11e-LTE when new firmware is used;
lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
lte - limited minimal default route distance to 1;
lte - update info command with "location area code" and "physical cell id" values;
m11g - improved ethernet performance on high load;
mac-server - use "/interface list" instead of interface name under MAC server settings;
modem - added initial support for Alcatel IK40 and Olicard 500;
neighbor - show neighbors on actual bridge port instead of bridge itself
netinstall - fixed missing "/flash/etc" on first bootup;
netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
ospf - fixed OSPF v2 and v3 neighbor election;
ovpn-server - do not periodically change automatically generated server MAC address;
poe - added new "poe-out" status "controller-error";
poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
poe - log PoE status related messages under debug topic;
ppp - added initial support for PLE902;
ppp - added support for Sierra MC7750, Verizon USB730L;
ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
ppp - fixed "change-mss" functionality when MSS option is missing on forwrded packets;
ppp - fixed L2TP and PPTP encryption negotiation process on configuration changes;
ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
pppoe-client - properly re-establish MLPPP session when one of the lines stopped transmitting packets;
pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
quickset - fixed LTE quickset mode APN field;
quickset - fixed situation when Quickset automatically changes mode to CPE;
quickset - renamed router IP static DNS name to "router.lan";
radius - limited RADIUS timeout maximum value to 3 seconds;
route - fixed potential route crash on routing table update;
scheduler - properly display long scheduler configuration;
sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
sms - fixed minor problem for SMS delivery;
sms - log decoded USSD responses;
snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
snmp - fixed bridge host requests on devices with multiple bridge interfaces;
snmp - fixed bulk requests when non-repeaters are used;
snmp - fixed consecutive OID bulk get from the same table;
snmp - show only available OIDs under "/system health print oid";
ssh - do not use DH group1 with strong-crypto enabled;
ssh - enforced 2048bit DH group on tile and x86 architectures;
system - show USB topology for the device info;
tile - improved hardware encryption processes;
tr069-client - fixed "/interface lte apn" configuration parameters;
traceroute - improved "/tool traceroute" results processing;
upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
upnp - deny UPnP request if port is already used by the router;
ups - fixed duplicate "failed" UPS logs;
userman - allow to generate more than 999 users;
w60g - added "put-stations-in-bridge" and "isolate-stations" options to manage connected clients;
w60g - connected stations are treated as separate interfaces;
webfig - added favicon file;
webfig - fixed router getting reset to default configuration;
webfig - fixed terminal graphic user interface under Safari browser;
winbox - added "W60G station" tab in Wireless menu;
winbox - added "notrack-chain" setting to IPSec peers;
winbox - added support for "_" symbol in terminal window;
winbox - added switch menu on RB1100AHx4;
winbox - do not show MetaROUTER stuff on RB1100AHx4;
winbox - do not show duplicate "Switch" menus for CRS326;
winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
winbox - do not show duplicate filter parameters "Published" in ARP list;
winbox - do not show unnecessary tabs from "Switch" menu;
winbox - fixed "/certificate sign" process;
winbox - fixed bridge port sorting order by interface name;
winbox - show warnings under "/system routerboard settings" menu;
wireless - added "allow-signal-out-off-range" option for Access List entries;
wireless - added "indonesia3" regulatory domain information;
wireless - added passive scan option for wireless scan mode;
wireless - added support for CHARGEABLE_USER_ID in EAP Accounting;
wireless - check APs against connect-list rules starting with strongest signal;
wireless - do not show background scan frequencies in the monitor command channel field;
wireless - improved reliability on "rx-rate" selection process;
wireless - increased the EAP message retransmit count;
wireless - log "signal-strength" when successfully connected to AP;
wireless - pass interface MAC address in Sniffer TZSP frames;
wireless - updated "UK 5.8 Fixed" and "Australia" country data;
wireless - updated "united kingdom" regulatory domain information.

Полезные материалы по MikroTik

Углубленный курс "Администрирование сетевых устройств MikroTik"
Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.

На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь