MikroTik RouterOS 6.37.x

Подробное описание изменений в MikroTik RouterOS 6.37.x. Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 23 сентября 2016, дата выхода последнего набора изменений – 9 марта 2017.

Полезные материалы по MikroTik

Секреты настройки MikroTik

Более 18.000 подписчиков самого большого telegram-канала «MikroTik-сэнсэй» первыми узнают секреты настройки MikroTik от автора этой статьи.

Подписаться на «MikroTik‑сэнсэй»

MikroTik RouterOS 6.37.5 Long term

Дата выхода: 9 марта 2017

Важные изменения:

• www - fixed http server vulnerability.

Изменения:

• chr - fixed problem when transmit speed was reduced by interface queues;
• dhcp - do not listen on IPv4/IPv6 client to IPv6 MLD packets;
• dude - (changes discussed here: https://wiki.mikrotik.com/wiki/Manual:The_Dude_v6/dude_v6.xx_changelog);
• export - do not show "read-only" IRQ entries;
• filesystem - implemented procedures to verify and restore internal file structure integrity upon upgrading;
• firewall - do not allow to set "time" parameter to 0s for "limit" option;
• firewall - fixed import of exported configuration that had updated "limit" setting;
• graphing - fixed graphing crash when high amount of traffic is processed;
• hotspot - fixed rare kernel crash on multicore systems;
• hotspot - fixed redirect to URL where escape characters are used (requires newly generated HTML files);
• hotspot - show Host table commentaries also in Active tab and vice versa;
• interface - do not treat multiple zeros as single zero on name comparison;
• irq - properly detect all IRQ entries;
• l2tp-client - fixed IPSec policy generation after reboot;
• lcd - show fan2 speed only if it is available;
• leds - fixed defaults for RBSXT5HacD2nr2;
• mmips - improved general stability;
• rb3011 - fixed noise from buzzer after silent boot;
• switch - fixed crash when trying to configure second master port on the same chipset (RB3011, RB2011, CCR1009-8G-1S+);
• userman - allow access to User Manager users page only through "/user" URL;
• userman - show warning when no users are selected for CSV file generation;
• winbox - added "add-relay-info" and "relay-info-remote-id" to DHCP relay;
• winbox - added H flag to "/ip arp" ;
• winbox - added missing "use-fan2" and "active-fan2" to "/system health";
• winbox - allow shorten bytes to k,M,G in bridge firewall just like in “/ip firewall”;
• winbox - do not hide "power-cycle-after" option;
• winbox - do not hide 00:00:00:00:00:00 MAC address in unpublished ARPs;
• winbox - fixed matching "connection-state=untracked" connections;
• winbox - fixed typo in “/system resources pci” list;
• winbox - hide advertise tab in Hotspot user profile configuration if "transparent-proxy" is not enabled;
• winbox - make "power-cycle-after" show correct value;
• winbox - make "power-cycle-interval" not to depend on "power-cycle-ping-enabled" in PoE settings;
• winbox - properly show BGP communities in routing filters table filter;
• wireless - fixed scan tool stuck in background;
• wireless - improved compatibility with Intel 2200BG wireless card;
• wireless - update Thailand country frequency settings.

MikroTik RouterOS 6.37.4 Long term

Дата выхода: 13 января 2017

Изменения:

• bonding - fixed "tx-drop" on VLAN over bonding on x86;
• certificates - added year cap (invalid-after date will not exceed year 2039);
• certificates - fixed crash when crl is removed while it is being fetched;
• certificates - fixed fail on import from CAPs when both key and name already exist;
• crs - added comment ability in more switch menus;
• dhcpv6-client - fixed DHCPv6 rebind on startup;
• dhcpv6-server - fixed server removal crash if static binding was present;
• dns - fixed typo in regexp error message;
• dude - (changes here: http://wiki.mikrotik.com/wiki/Manual:The_Dude_v6/dude_v6.xx_changelog);
• export - updated default values to clean up export compact;
• fan - improved RPM monitor on CCR1009;
• firewall - do not defragment packets which are marked with "notrack" in raw firewall;
• firewall - fixed "time" option by recognizing weekday properly (introduced in v6.37.2);
• firewall - fixed dynamic raw rule behaviour;
• firewall - fixed rule activation if "time" option is used and no other active rules are present;
• firewall - nat action "netmap" now requires to-addresses to be specified;
• health - report fan speed for RB800 and RB1100 when 3-pin fan is being used;
• hotspot - fixed nat rule port setting in "hs-unauth-to" chain by changing it from "dst-port" to "src-port" on Walled Garden ip "return" rules;
• ipsec - fixed kernel failure on tile with sha256 when hardware encryption is not being used;
• ipv6 - added warning about having interface MTU less than minimal IPv6 packet fragment (1280);
• ipv6 - moved empty IPv6 pool error message to error topic;
• led - fixed dark mode for cAP 2nD (http://wiki.mikrotik.com/wiki/Manual:System/LEDS#Leds_Setting);
• license - fixed demo license expiration after installation on x86;
• log - improved firewall log messages when NAT has changed only connection ports;
• lte - increased delay when setting sms send mode;
• metarouter - fixed startup process (introduced in 6.37.2);
• ppp - fixed packet size calculation when MRRU is set (was 2 bytes bigger than MTU allows);
• ppp - significantly improved shutdown speed on servers with many active tunnels;
• ppp - significantly improved tunnel termination process on servers with many active tunnels;
• profile - added "bfd" and "remote-access" processes;
• profile - added ability to monitor cpu usage per core;
• profile - make profile work on mmips devices;
• profile - properly classify "wireless" processes;
• proxy - fixed "max-cache-object-size" export;
• proxy - speed-up almost empty disk cache clean-up;
• queue - fixed "time" option by recognizing weekday properly (introduced in v6.37.2);
• quickset - various small changes;
• rb750Gr3 - fixed ipsec with 3des+md5 to work on this board;
• rb751u - fixed ethernet LEDs;
• snmp - always report bonding speed as speed from first bonding slave;
• snmp - fixed rare crash when incorrectly formatted packet was received;
• ssh - fixed high memory consumption when transferring file over ssh tunnel;
• switch - fix BPDU dynamic Host table entry on Atheros Gigabit switch chips;
• time - updated time zones;
• traceroute - fixed memory leak;
• trafficgen - fixed compact export when "header-stack" includes tcp;
• vlan - allow to add multiple VLANs which name starts with same number and has same length;
• vrrp - do not show unrelated log warning messages about version mismatch;
• watchdog - do not send supout file if "auto-send-supout" is disabled;
• webfig - added extra protection against XSS exploits;
• webfig - show properly interface last-link-up/down times;
• webfig - show properly large BGP AS numbers;
• winbox - added "Complete" flag to arp table;
• winbox - added "make-static" to IPv6 DHCP server bindings;
• winbox - added "prefix-pool" to DHCPv6 server binding;
• winbox - added upstream flag to IGMP proxy interfaces;
• winbox - allow to enable/disable traffic flow targets;
• winbox - allow to specify "connection-bytes" & "connection-rate" for any protocol in “/ip firewall” rules;
• winbox - allow to specify "sip-timeout" under ip firewall service-ports;
• winbox - do not allow to set "loop-protect-send-interval" to 0s;
• winbox - do not create empty rates.vht-basic/supported-mcs if not specified in CAPsMAN;
• winbox - fixed crash when legacy Winbox version was used;
• winbox - fixed default values for interface "loop-protect-disable-time" and "loop-protect-send-interval";
• winbox - fixed missing "IPv6/Settings" menu;
• winbox - fixed typo in "propagate-ttl" setting;
• winbox - properly show VHT basic and supported rates in CAPsMAN;
• winbox - show all related HT tab settings in 2GHz-g/n mode;
• winbox - show dynamic IPv6 pools properly;
• winbox - show errors on IPv6 addresses;
• winbox - show proper ipv6 connection timeout;
• winbox - specify metric for “/ip dns cache-used” setting;
• wireless - fixed full "spectral-history" header print on AP modes;
• wireless - fixed upgrade from older wireless packages when AP interface had empty SSID;
• wireless - show comment on "security-profile" if it is set.

MikroTik RouterOS 6.37.3 Stable

Дата выхода: 28 ноября 2016

Изменения:

• bgp - do not match all prefixes tagged with community 0:0 by routing filters;
• bridge - fixed filter Ingress Priority option (broken in 6.36rc8);
• chr - fixed crash on "/interface print" (introduced in 6.36.4);
• chr - fixed crash on "/system reboot" and "/system shutdown";
• crs226 - fixed sfp-sfpplus1 link re-negotiation (broken in 6.37rc28/v6.37.1);
• disk - fixed issue when disk was renamed after reboot on devices with flash disks;
• dns - do not resolve incorrect addresses after changes made in static dns entries;
• dns - improved static dns entry add speed when regexp is being used;
• dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=112598);
• firewall - fixed filter rule "limit" parameter by making it visible again;
• firewall - fixed interface slave state recognition (broken in 6.37.2);
• firewall - fixed timeout option on address lists with domain name;
• log - ignore email topic if action is email;
• mipsbe - improved memory allocation on devices with nand when file transfer and tcp traffic processing is on progress;
• route - fixed memory leak when route cache is disabled;
• tile - fixed rare kernel failure when IPv6 neighbor discovery packet is received;
• traceroute - fixed crash when too many sessions are active;
• tunnel - allow to force mtu value when actual-mtu is already the same;
• winbox - recognize properly tcp in traffic-generator packet-template header type;
• winbox - show HT MCS tab if 2GHz-G/N band is used.

MikroTik RouterOS 6.37.2 Stable

Дата выхода: 8 ноября 2016

Важные примечания:

• Dude client auto-upgrade to this version will not work. Use http://www.mikrotik.com/download_for_6.37.2_client_download/install.

It will be fixed in soon to be released v6.37.3

Важные изменения:

• ethernet - optimized packet processing on low load when irq re-balance is not necessary;
• fastpath - let one packet per second through slow path to properly update connection timeouts;
• queues - significantly improved hashing algorithm in dynamic simple queue setups (fixes CPU load spikes on queue removal).

Изменения:

• arm - improved watchdog reliability;
• bonding - fixed 802.3ad load balancing over routed VLANs with fastpath enabled;
• bonding - fixed mac address selection after upgrade;
• crs - fixed port mirroring halt after L2MTU change;
• dhcp - do not allow to create dhcp-server on slave interface;
• ethernet - fixed interface speed reporting for x86 in log after reboot or if "disable-running-check=yes";
• ethernet - fixed potential loopprotect crash;
• export - fixed "/interface ethernet switch export" on some boards;
• export - fixed CRS switch egress-vlan-tag export;
• fastpath - fixed kernel failure when fastpath traffic goes into loop;
• fastpath - improved connection tracking timeout updates;
• firewall - do not allow to increase/decrease ttl and hop-limit by 0;
• firewall - fixed "connection-state" value disappearance in rules that were created before v6.22;
• firewall - fixed compact export (introduced in 6.37rc14);
• firewall - improved "time" option (ranges like 22h-10h now are acceptable);
• hotspot - fixed nat rule dst-port by making it visible again for Walled Garden ip return rules;
• ipsec - changed logging topic from error to debug for ph2 transform mismatch messages;
• ipv6 - increased default max-neighbor-entries value to 8192, same as ipv4;
• mmips - improved watchdog reliability;
• package - show minimal supported RouterOS version under "/system resource" menu if it is specified;
• queue - fixed rare crash on statistic gathering in "/queue tree";
• queue - improved "time" option (ranges like 22h-10h are now usable);
• rb2011 - fixed crash on l2mtu changes;
• sms - fixed crash after modem has failed to start;
• ssl - fixed potential memory leak ( when using dude for example);
• torch - fixed aggregate statistics appearance;
• traffic-flow - fixed dst-port reporting if connection is not maintained by connection tracking;
• userman - fixed memory leak on user limitation calculations;
• winbox - added led settings menu;
• winbox - fixed missing switch menu for mmips devices.

MikroTik RouterOS 6.37.1 Stable

Дата выхода: 30 сентября 2016

Важные изменения:

• package - fixed wireless package status after upgrade to 6.37 (extra reboot after upgrade is necessary);
• ssl - fixed peer address/dns verification from certificate (affects sstp, fetch, capsman);
• winbox - now Winbox 3.6 is the minimum version that can connect to RouterOS.

Изменения:

• console - fixed typo in web-proxy (passthru to passhtrough);
• dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=112599);
• export - do not show mac-address in export when it is not necessary;
• firewall - fixed dynamic dummy firewall rules appearance in raw tables;
• hotspot - fixed nat rule dst-port by making it visible again;
• led - fixed default led settings for wAP2nDr2;
• snmp - do not allow to execute script if user does not have write permission;
• tile - do not reboot device after watchdog disable/enable;
• userman - always re-fetch table data when switching between different menus;
• userman - fixed timezone adjustment in reports;
• webfig - fixed channel selection in check-for-update menu in Firefox;
• winbox - added loop-protect settings;
• winbox - added passthrough state to web-proxy;
• winbox - allow to unset http-proxy field for sstp client;
• winbox - do not show health menu on RB951-2n;
• winbox - fixed typo in dhcpv6 relay (DCHP to DHCP);
• winbox - show address expiration time in dhcp client list;
• wireless - show DFS flag in country-info command output.

MikroTik RouterOS 6.37 Stable

Дата выхода: 23 сентября 2016

Важные примечания:

• There will be only one "wireless" package starting from RouterOS v6.37.
• DFS configuration in RouterOS has been redesigned, now device looks at specified country settings (/interface wireless info country-info), and applies corresponding DFS mode for each frequency range automatically, making dfs-mode setting unnecessary.
• Please, check that your frequencies work with corresponding DFS settings before upgrade.

Важные изменения:

• console - dfs-mode setting does not exist any more and all scripts with such setting will not be executed;
• dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=110424);
• dude - from now on dude will use winbox port and it will be changed automatically both in client loader and agent configuration;
• ethernet - added new loop-protect feature for ethernet, vlan, eoip, eoipv6 interfaces, http://wiki.mikrotik.com/wiki/Manual:Loop_Protect ;
• wireless - "wireless" package included in bundle "routeros" package;
• wireless - "wireless-cm2" discontinued;
• wireless - "wireless-rep" renamed to "wireless";
• wireless - DFS option is removed, corresponding DFS mode for each frequency range applies automatically.

Изменения:

• capsman - fixed kernel crash on cap while changing client-to-client forwarding;
• capsman - report radio-name in registration table;
• certificate - do not allow to remove certificate template while signing certificate;
• console - hotspot setup show wrong certificate name;
• defconf - fixed default configuration restore if virtual wireless interface were present;
• defconf - fixed default configuration when wireless package is used;
• defconf - using caps button now forces all wireless interfaces in caps mode;
• dhcpv6 - improved interface status tracking;
• dhcpv6 - reworked DHCP-PD server interface and route management;
• dhcpv6 - update DUID when system-id changes (solves problem when cloned VM retains the same DUID);
• dns - fixed crash when using regexp static dns entries;
• ethernet - added support for LAN9514 ethernet dongle;
• ethernet - allow to force mtu value when actual-mtu is already the same;
• ethernet - fixed loop-protect on bridged ports;
• ethernet - fixed never ending loop in CDP packet processing;
• ethernet - fixed rare kernel failure on non-switch ethernet reset;
• ethernet - rb44ge now have disabled-running-check=no by default;
• firewall - added additional matchers for firewall raw rules;
• firewall - fixed time based rules on time/timezone changes (again);
• gps - always check NMEA checksum if available;
• health - do not show psu and fan information for passive cooling devices;
• hotspot - show comments from user menu also in active menu;
• ipsec - fixed crash with enabled fragmentation;
• ipsec - fixed dynamic policy not deleted on disconnect for nat-t peers;
• ipsec - fixed fragmentation use negotiation;
• ipsec - fixed kernel crash when sha512 was used;
• ipv6 - fixed RA and RS processing on new interfaces after many interfaces have lost link during prolonged operation;
• ipv6 - improved system responsiveness when ipv6 routes are frequently modified;
• ipv6 - show multiple neighbors with the same address;
• kvm - fix add/remove of disabled interfaces;
• kvm - fixed guest crashing when using mtu bigger than 1504;
• l2tp - fixed kernel failure when fastpath handles l2tp packets;
• leds - added option to disable all leds on RBcAP2n;
• lte - added ability to send/receive sms using '/tool sms';
• lte - added dlink dwm-157 D, dwm-222 support;
• lte - added huawei me909s variant;
• lte - added initial deregistration only for bandrich modems;
• lte - added logging for usb config switching;
• lte - added Pantech UML295, Vodafone K4201-Z, ZTE MF823/MF831 support;
• lte - added rndis for ZTE MF8xx;
• lte - added support for more dlink dwm-222 configurations;
• lte - added switch for Huawei K5160;
• lte - added zte K5008-Z back;
• lte - adjusted usb config for dlink dwm-157 D;
• lte - fixed at chat condition storage;
• lte - fixed band setting for sxt lte;
• lte - fixed band unsetting;
• lte - fixed default channels for dlink dwm-157;
• lte - fixed ip activation when CREG (circuit switched) state remains in not registered state;
• lte - fixed setting correct lte band for sxt lte;
• lte - process initial state change to deregistred, when lockup occurs;
• lte - reset if sms storage set fails;
• mpls - fixed memory leak;
• mpls - fixed vpls throughput issues caused by out-of-order packets;
• ntp - fixed ntp server when local-clock used (like usb gps module);
• partitions - added ability to add comments;
• ppp - use default-route-distance when adding ipv6 default route;
• ppp,lte - pin is now converted to string argument;
• pppoe - fixed disconnects by idle timeout when fastpath is used;
• quickset - added 2GHz-g/n band support;
• quickset - fixed guest reporting in "home ap dual" mode;
• quickset - fixed wireless frequency fields in "home ap dual" mode;
• rb3011 - fixed rare occasions when router would hang while loading kernel;
• routing - improved kernel performance in setups with large routing tables;
• sfp - enabled eeprom printout in /interface ethernet monitor;
• sfp - fixed initial eeprom reading on CCR1036-8G-2S+ and CCR1072-1G-8S+;
• sfp - removed "sfp-rate-select" as command was not relevant to currently supported hardware;
• sms - moved incorrectly logged message from async to gsm topic;
• sms - report error when unsupported modem is being used;
• snmp - added script table which executes script and returns it's output on get request;
• snmp - require write permitions for script run table access;
• snmp - skip forbidden oids on getnext completion;
• sstp - allow to specify proxy by dns name;
• sstp - now supports TLS_ECDHE algorithms;
• supout - fixed bug that could cause enormous size supout.rif files;
• supout - improved crash report generation for tile architecture;
• switch - added comment field for CRS switch VLANs;
• traffic-flow - allow ipv6 src address to be optional;
• traffic-flow - fixed IPFIX packet timestamp;
• traffic-flow - fixed IPFIX wrong flow sequence;
• trafficgen - add per stream packet count setting;
• trafficgen - show out-of-order packet counters in stats printouts;
• tunnel - fixed communication via tunnel to router itself if fastpath was active;
• tunnel - fixed ipv6 link-local address adding for gre;
• tunnel - increased minimal MRRU to 1500 for PPP interfaces;
• tunnel - ipv6 link-local address is now generated from tunnel local-address;
• usb - added support for SMSC95XX USB Ethernet dongle on mipsbe;
• usermanager - fixed rare crash on paypal payment;
• users - fixed script policy checking against user policies when running scripts;
• webfig - do not crash if radius server does not give out encryption keys;
• webfig - fixed certificate signing;
• winbox - added auto refresh for BFD neighbors;
• winbox - added comment field support for switch vlan menu;
• winbox - added default-authentication parameter for wireless station modes;
• winbox - added src-address field for traffic-flow target;
• winbox - adjust on-event field dynamically depending on window size;
• winbox - adjusted allowed values for http-proxy field;
• winbox - disabled MRRU by default for PPP interfaces;
• winbox - display actual-mtu for tunnels in interfaces window;
• winbox - fixed disconnect when no windows were opened for a while in unsecure mode;
• winbox - fixed multiline read only fields not displaying new line characters;
• winbox - fixed raw firewall showing jump targets from filter chains;
• winbox - hide ethernet flow control settings for interfaces which does not support them;
• winbox - removed health menu from devices that do not support it;
• winbox - removed L2MTU field for PPP interfaces;
• winbox - removed L2MTU field from PPP server binding settings;
• winbox - removed unset button for L2MTU field;
• winbox - show firmware-type in routerboard window;
• wireless - display DFS flag in country info;
• wireless - improved driver support for RB953, hAP ac, wAP ac;
• wireless - send deauth to data frames in scan mode.
• wireless - updated brazil country settings.

Полезные материалы по MikroTik

Секреты настройки MikroTik

Более 18.000 подписчиков самого большого telegram-канала «MikroTik-сэнсэй» первыми узнают секреты настройки MikroTik от автора этой статьи.

Подписаться на «MikroTik‑сэнсэй»