MikroTik RouterOS 6.39.x (Stable)

Материал из MikroTik Wiki

Подробное описание изменений в MikroTik RouterOS 6.39.x (Stable). Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 27 апреля 2017, дата выхода последнего набора изменений – 6 июня 2017.

Полезные материалы по MikroTik

Углубленный курс "Администрирование сетевых устройств MikroTik"
Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA. 
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь

MikroTik RouterOS 6.39.2

Дата выхода: 6 июня 2017

Изменения:

  • 6to4 - fixed wrong IPv6 "link-local" address generation;
  • arp - fixed "make-static";
  • bonding - do not add bonding interface if "could not set MTU" error is received;
  • bridge - fixed connectivity between bridges when "fast-forward" feature is enabled;
  • conntrack - load IPv6 connection tracking independently from IPv4;
  • console - fixed "No such file or directory" warnings on upgrade reboots;
  • export - removed spare "caller-id-type" value from compact export;
  • fetch - fixed "user" and "password" argument parsing from URL for FTP;
  • firewall - fixed "address-list" entry "creation-time" adjustment to timezone;
  • firewall - do not allow to set "rate" value to 0 for "limit" parameter;
  • firewall - fixed "address-list" entry changing from IP to DNS and vice versa;
  • gps - removed duplicate logs;
  • ike1 - fixed crash on xauth message;
  • ike1 - removed xauth login length limitation;
  • ike2 - fixed rare kernel failure on address acquire;
  • ike2 - fixed situation when traffic selector prefix was parsed incorrectly;
  • ipsec - fixed generated policy priority;
  • ipsec - fixed peer "my-id" address reset;
  • ipsec - renamed "remote-dynamic-address" to "dynamic-address";
  • ipv6 - fixed address becoming invalid when interface was removed from bridge/mesh;
  • led - fixed turning off LED when interface is lost;
  • lte - improved info channel background polling;
  • lte - improved relialibility on SXT LTE;
  • lte - replaced "user-command" with "at-chat" command;
  • ppp - fixed "change-mss" functionality (introduced in 6.39);
  • ppp - fixed MLPPP over multiple channels/interfaces (introduced in v6.39);
  • ppp - send correct IP address in RADIUS "accounting-stop" messages (introduced in 6.39);
  • pppoe - fixed warning on PPPoE server, when changing interface to non-slave interface;
  • pppoe-client - removed false warning from client interface if it starts running on non-slave interface;
  • pppoe-server - fixed "one-session-per-host" issue where 2 simultaneous sessions were possible from the same host;
  • queue - fixed queuing when at least one child queue has "default-small" and other/s is/are different (introduced in 6.35);
  • quickset - fixed LTE "signal-strength" graphs;
  • sniffer - fixed VLAN tags when sniffing all interfaces;
  • snmp - fixed limited walk;
  • switch - fixed disabling of MAC learning on CRS1xx/CRS2xx;
  • tile - fixed EoIP keepalive when tunnel is made over VLAN interface;
  • tile - fixed rare encryption kernel failure when small packets are processed;
  • traffic-flow - fixed IPFIX IPv6 data reporting;
  • winbox - do not allow to open multiple same sub-menus at the same time;
  • winbox - fixed firewall port selection with Winbox v2;
  • winbox - fixed LTE info button;
  • winbox - removed spare values from "loop-protect" setting for EoIPv6 tunnels;
  • wireless - reduced load on CPU for high speed wireless links.

MikroTik RouterOS 6.39.1

Дата выхода: 27 апреля 2017

Изменения:

  • defconf - discard default configuration startup query with RouterOS upgrade;
  • defconf - discard default configuration startup query with configuration change from Webfig;
  • smb - fixed external drive folder sharing when "/flash" folder existed;
  • smb - fixed invalid default share after reboot when "/flash" folder existed;
  • upnp - fixed firewall nat rule update when external IP address changes;
  • dns - made loading thousands of static entries faster.

MikroTik RouterOS in 6.39

Дата выхода: 27 апреля 2017

Важные изменения:

  • bridge - added "fast-forward" setting and counters (enabled by default only for new bridges) (CLI only);
  • bridge - added support for special and faster case of fastpath called "fast-forward" (available only on bridges with 2 interfaces);
  • bridge - reverted bridge BPDU processing back to pre-v6.38 behaviour; (v6.40 will have another separate VLAN-aware bridge implementation);
  • filesystem - fixed rare situation when filesystem failed to read all configuration on startup;
  • filesystem - fixed rare situation when filesystem went into read-only mode (some configuration might have gotten lost on reboot);
  • firewall - discontinued support for p2p matcher (old rules will become invalid);
  • kernel - fixed UDP checksum handling in rare oveflow situations;
  • l2tp - added fastpath support when MRRU is enabled;
  • ppp - completely rewritten internal fragmentation algorithm (when MRRU is used), optimized for multicore;
  • ppp - implemented internal algorithm for "change-mss", no mangle rules necessary;
  • pppoe - added fastpath support when MRRU and MLPPP are enabled;
  • quickset - configuration changes are now applied only on "OK" and "Apply" (not on mode change);
  • tile - fixed IPSec hardware acceleration out-of-order packet problem, significantly improved performance;
  • winbox - minimal required version is v3.11.

Изменения:

  • address - fixed crash when address is assigned to another bridge port;
  • api - fixed double dynamic flags for "/ip firewall address-list print";
  • capsman - added "extension-channel" XX and XXXX auto matching modes;
  • capsman - added "keepalive-frames" setting;
  • capsman - added "skip-dfs-channels" setting;
  • capsman - added CAP discovery interface list support;
  • capsman - added DFS support;
  • capsman - added EAP identity to registration table;
  • capsman - added ability to specify multiple channels in frequency field;
  • capsman - added save-channel option to speed up frequency selection on CAPsMAN restart;
  • capsman - added support for "background-scan" and channel "reselect-interval";
  • capsman - added support for static virtual interfaces on CAP;
  • capsman - changed channel "width" name to "control-channel-width" and changed default values;
  • capsman - improved CAP status querying;
  • capsman - improved support for communicating frame priority between CAP and CAPsMAN;
  • certificate - SCEP client now supports FQDN URL and port;
  • certificate - allow CRL address to be specified as DNS name;
  • console - fixed "/ip neighbor discovery" export;
  • console - fixed DHCP/PPP add-default-route distance minimal value to 1;
  • console - fixed crash;
  • console - fixed incorrect ":put [/lcd get enabled]" value;
  • ddns - improved "dns-update" authentication validation;
  • defconf - fixed Groove 52 ac band settings;
  • defconf - fixed default configuration generation when wireless package is disabled;
  • dhcp-client - added "script" option which executes script on state changes;
  • dhcpv4 - fixed string option parser;
  • dhcpv4-server - added "lease-hostname" script parameter;
  • dhcpv4-server - by default make server “authoritative”;
  • dhcpv4-server - do some lease checks only on enabled object;
  • discovery - fixed LLDP discovery, IPv6 address was not parsed correctly;
  • dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=21&t=116471);
  • email - check for errors during SMTP exchange process;
  • ethernet - added "voltage-too-low" status for single port power injector devices;
  • ethernet - fixed "loop-protect" on "master-port";
  • ethernet - fixed rare switch chip hang (could cause port flapping);
  • ethernet - fixed unnecessary power cycle of powered device when changing any poe-out related setting on single port power injector devices;
  • ethernet - renamed "rx-lose" to "rx-loss" in ethernet statistics;
  • ethernet - reversed poe-priority on hEX PoE and OmniTIK 5 PoE to make "poe-priority" consistent to all other RouterOS priorities;
  • fastpath - fixed rare crash on devices with dynamic interfaces;
  • fetch - added "http-data" and "http-method" parameters to allow delete, get, post, put methods (content-type=application/x-www-form-urlencoded by default);
  • fetch - fixed authentication failure;
  • fetch - fixed download issue over HTTPS;
  • gps - added "fix-quality" and "horizontal-dilution" parameters;
  • graphing - fixed graph disappearance after power outage;
  • hotspot - added access to HTTP headers using $(http-header-name);
  • ike1 - fixed ph2 ID logging;
  • ike2 - allow multiple child SA traffic selectors on re-key;
  • ike2 - always replace empty TSi with configured address if it is available;
  • ike2 - check child state before allowing rekey;
  • ike2 - default to /32 peer address mask;
  • ike2 - fixed CTR mode;
  • ike2 - fixed EAP message length;
  • ike2 - fixed ISA handler object removal on SA delete;
  • ike2 - fixed RSA authentication without EAP;
  • ike2 - fixed ctr mode;
  • ike2 - fixed disabled DPD;
  • ike2 - fixed last EAP auth payload type;
  • ike2 - fixed ph2 state when sending notify;
  • ike2 - fixed policy release during SA negotion;
  • ike2 - fixed state when sending delete packet;
  • ike2 - improved logging;
  • ike2 - kill only child SAs which are not re-keyed by remote peer;
  • ike2 - log RADIUS timeout message under error topic;
  • ike2 - remove old SA after rekey;
  • ike2 - send EAP identity as user-name RADIUS attribute;
  • ike2 - update "calling_station_id" RADIUS attribute;
  • ike2 - update peer identity after successful EAP authentication;
  • ippool - return proper error message when trying to create duplicate name;
  • ipsec - added "last-seen" parameter to active connection list;
  • ipsec - allow mixing aead algorithms in proposal;
  • ipsec - better responder flag calculator for console;
  • ipsec - disallow AH+ESP combined policies ;
  • ipsec - do not loose "use-ipsec=yes" parameter after downgrade;
  • ipsec - enable aes-ni on i386 and x64 for cbc, ctr and gcm modes;
  • ipsec - fixed "/ip ipsec policy group export verbose";
  • ipsec - fixed "mode-cfg" verbose export;
  • ipsec - fixed SA authentication flag;
  • ipsec - renamed "hw-authenc" flag to "hw-aead";
  • ipsec - show hardware accelerated authenticated SAs;
  • ipsec - updated tilera classifier for UDP encapsulated ESP;
  • l2tp - added support for multiple L2TP tunnels (not to be confused with sessions) between same endpoints (required in some LNS configurations);
  • l2tp - fixed hidden attribute decryption in forwarded CHAP responses for LNS;
  • l2tp-server - added "caller-id-type" to forward calling station number to RADIUS on authentication;
  • l2tp-server - added "use-ipsec=required" option;
  • l2tp-server - fixed upgrade to keep "use-ipsec=yes" in L2TP server;
  • leds - added LTE modem access technology trigger;
  • leds - changed error message on unsupported board;
  • leds - do not update single LED state when it is not changed;
  • leds - show warning on print when "modem-signal-threshold" is not available;
  • log - added "gps" topic;
  • log - added "tr069" topic;
  • log - added missing "license limit exceeded" log entry;
  • log - added warning when Winbox/Dude sessions were denied;
  • log - do not show changes in packet if NAT has not been used;
  • log - make SNMP logs more compact;
  • lte - added "session-uptime" in info command;
  • lte - added LTE signal level reading for Cinterion modems;
  • lte - added error handling for remote AT execute;
  • lte - added initial support for DWR-910 modem;
  • lte - added initial support for Quectel ec25;
  • lte - added initialization for Cinterion;
  • lte - added log entry for SMS delivery report;
  • lte - added support for Vodafone R216 (Huawei);
  • lte - buffer AT events while info command is active;
  • lte - fixed "/interface lte info X once";
  • lte - fixed IPv6 address prefix on interface
  • lte - fixed network mode selection for me909u, mu609;
  • lte - fixed older standard CEREG parsing;
  • lte - fixed support for Huawai R216;
  • lte - fixed user-command;
  • lte - reset interface stats on "link-down";
  • netinstall - fixed typos;
  • ntp - restart NTP client when it is stuck in error state;
  • ppp - added "bridge-horizon" option under PPP/Profile;
  • ppp - added option to specify "interface-list" in PPP/Profile;
  • ppp - fixed rare kernel failure on PPP client connection;
  • ppp - fixed rare kernel failure when receiving IPv6 address on PPP interface;
  • ppp - include rates, limits and address-lists parameters in RADIUS accounting requests;
  • ppp-client - added support for Datacard 750UL, DWR-730 and K4607-Zr;
  • pppoe - added warning on PPPoE client/server, if it is configured on slave interface;
  • pppoe - set default keepalive 10s for newly created PPPoE clients;
  • quickset - added initial LTE AP mode support;
  • rb1100ahx2 - fixed random counter resets for ether12,13;
  • rb3011 - added partitioning support;
  • smb - fixed different memory leaks and crashes;
  • smb - fixed share path on devices with "/flash" directory;
  • smips - reduced RouterOS main package size;
  • snmp - "No Such Instance" error message is replaced with "No Such Object";
  • snmp - added fan-speed OIDs in "/system health print oid";
  • snmp - added optical table;
  • snmp - fixed rare crash;
  • snmp - improved getall filter;
  • snmp - improved response speed when multiple requests are received within short period of time;
  • snmp - increase "engineBoots" value on reboot;
  • snmp - optimized bridge table processing;
  • tile - added initial support for NVMe SSD disk drives;
  • tile - fixed IPSec crash (introduced in 6.39rc64);
  • tile - optimized hardware encryption;
  • tr069-client - added "Device.Hosts.Host.{i}." support;
  • tr069-client - added "Device.WiFi.NeighboringWiFiDiagnostic." support;
  • tr069-client - added "Ethernet.Interface.{i}.MACAddress" parameter;
  • tr069-client - added DHCP server support;
  • tr069-client - added Upload RPC "2 Vendor Log File" support;
  • tr069-client - added architecture name parameter (X_MIKROTIK_ArchName - vendor specific);
  • tr069-client - added basic stats parameters for some interface types;
  • tr069-client - added basic support for "/ip firewall filters";
  • tr069-client - added connection request authentication;
  • tr069-client - added firewall NAT support using vendor Parameters;
  • tr069-client - added parameters for DNS client management support;
  • tr069-client - added ping diagnostics support;
  • tr069-client - added support for escaped entity references (& < > ' ");
  • tr069-client - added support for managing "/system/identity/" value;
  • tr069-client - added support for memory and CPU load parameters;
  • tr069-client - added support for uploading/downloading factory script;
  • tr069-client - added traceroute diagnostics support;
  • tr069-client - close connection if CPE considers XML as invalid;
  • tr069-client - fixed "AddObjectResponse" "InstanceNumber" value;
  • tr069-client - fixed "Device.ManagementServer." value update;
  • tr069-client - fixed XML special character parsing;
  • tr069-client - fixed crash on =acs-url change special case;
  • tr069-client - fixed special escape characters on XML data send;
  • tr069-client - fixed write for "Device.ManagementServer.URL";
  • tr069-client - general improvements on reducing storage space;
  • tr069-client - generate random connection request target path;
  • tr069-client - hide "Device.PPP.Interface.{i}.Password" value;
  • tr069-client - improved LTE monitoring process;
  • tr069-client - increased performance on GetParameterValues;
  • tr069-client - made any Download RPC overwrite configuration except ".alter";
  • tr069-client - make more Parameters deny active notifications;
  • tr069-client - set CHR license ID as ".SerialNumber" value to avoid "no serial number" error in ACS;
  • traceroute - small fix;
  • tunnels - fixed reboot loop on configurations with IPIP and EoIP tunnels (introduced in 6.39rc68);
  • usb - added support for more CP210X devices;
  • userman - allow "name-for-user" to be empty and not unique;
  • userman - automatically select all newly created users to generate vouchers;
  • userman - fixed rare crash when User Manager requested file does not exist on router;
  • userman - fixed rare web interface crash while using Users section;
  • wAP ac - improved 2.4GHz wireless performance;
  • webfig - added menu bar to quickly select between Webfig, Quickset and Terminal;
  • webfig - allow shorten bytes to k,M,G in firewall "connection-bytes" and "connection-rates";
  • webfig - allow to change global variable contents;
  • webfig - allow to enter frequency ranges in wireless scan list;
  • webfig - allow to select "default-encryption" profile on PPP tunnels;
  • webfig - correctly specify routing filter prefix;
  • webfig - do not allow to reorder items if table is sorted by some column;
  • webfig - fixed bridge property display;
  • webfig - fixed delays on key press in terminal;
  • webfig - fixed tab ordering on Google Chrome;
  • webfig - fixed “last-link-up” & “last-link-down” time information;
  • webfig - improved field layout;
  • webfig - make Terminal window work within Webfig window;
  • webfig - show all available options under “Advanced Mode” for wireless interfaces;
  • webfig - show proper error messages for optional erroneous text fields;
  • winbox - added "Flush" button under unicast-fdb menu;
  • winbox - added "group-key-update" to CAPsMAN security settings;
  • winbox - added "k" and "M" unit support to PPP secret limit-bytes parameters;
  • winbox - added "memory-scroll", "filter-cpu", "filter-ipv6-address", "filter-operation-between-entries" parameters;
  • winbox - added "save-selected" setting under CAPsMAN channels;
  • winbox - added "static-virtual" to wireless CAP;
  • winbox - added GPS menu;
  • winbox - added protected routerboard parameters under routerboard settings menu;
  • winbox - allow shorten bytes to k,M,G in firewall "connection-bytes" and "connection-rates";
  • winbox - allow to change user password to empty one;
  • winbox - allow to not specify certificate in IPSec peer settings;
  • winbox - allow to specify "route-distance" in "dhcp-client" if "special-classless" mode is selected;
  • winbox - allow to specify certificate type when exporting it;
  • winbox - allow to specify interfaces that CAPsMAN can use for management;
  • winbox - allow unhide SNMP passwords;
  • winbox - allowed to specify static-dns as list;
  • winbox - do not allow Packet Sniffer "memory-limit" and "file-limit" lower than 10KiB;
  • winbox - do not create time field when copying CAPsMAN access list entry;
  • winbox - do not show "dpd-max-failures" on IKEv2;
  • winbox - do not show empty LTE fields in Info menu;
  • winbox - do not start Traffic Generator automatically when opening "Quick Start";
  • winbox - do not try to disable dynamic items from firewall tables;
  • winbox - fixed "Montly" typo to "Monthly" in Graphing menu;
  • winbox - fixed CAPsMAN channels frequency (allow to specify a list of them);
  • winbox - fixed IPSec "mode-config" DNS settings;
  • winbox - fixed issue when working IPSec policies were shown as invalid;
  • winbox - fixed misleading error when trying to export certificate;
  • winbox - fixed typo in BGP advertisements menu Aggragator->Aggregator;
  • winbox - hide "wps-mode" & "security-profile" in wireless nv2 mode;
  • winbox - hide health menu on RB450;
  • winbox - improved "/tool torch";
  • winbox - increased maximal number of Winbox sessions 20->100;
  • winbox - properly name CAP Interface on new interface creation;
  • winbox - properly show "dhcp-server" warnings;
  • winbox - properly show IPSec "installed-sa" "enc-algorithm" when it is aes-gcm;
  • winbox - properly show wireless registration table stat counters;
  • winbox - removed "sfp-rate-select" setting from ethernet interface;
  • winbox - removed unnecessary "/system health" menu on "hAP ac lite";
  • winbox - set default "dhcp-client" "default-route-distance" value to 1;
  • winbox - show "A" flag for IPSec policies;
  • winbox - show "H" flag for IPSec installed SAs;
  • winbox - show PoE-OUT current, voltage and power only on devices which can report these values;
  • wireless - added Egypt 5.8 country settings;
  • wireless - added PEAP authentication support for wireless station mode;
  • wireless - apply broadcast bit to DHCP requests when using "station-pseudobridge" mode;
  • wireless - do not allow equal MAC addresses between multiple Virtual APs when same "master-interface" is used;
  • wireless - fixed RBSXT5HacD2nr2 small channel support;
  • wireless - fixed crash while running "spectral-scan";
  • wireless - fixed dynamic wireless interface removal from bridge ports when changing wireless mode;
  • wireless - fixed false positive DFS radar detection caused by iPhone 6s devices;
  • wireless - fixed issue when wireless interfaces might not show up in CAP mode;
  • wireless - fixed occasional crash on interface disabling;
  • wireless - fixed rare crash on nv2 configurations;
  • wireless - fixed rare wireless ac interface lockup;
  • x86 - added support for NVMe SSD disk drives.

Полезные материалы по MikroTik

Углубленный курс "Администрирование сетевых устройств MikroTik"
Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA. 
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь