MikroTik RouterOS 6.40.x (Long-term)

Материал из MikroTik Wiki
Перейти к навигации Перейти к поиску

Подробное описание изменений в MikroTik RouterOS 6.40.x (Long-term). Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 20 февраля 2018, дата выхода последнего набора изменений – 20 августа 2018.

Чек-лист по настройке MikroTik
Проверьте свою конфигурацию по 28-ми пунктам

MikroTik RouterOS 6.40.9

Дата выхода: 20 августа 2018

Важные изменения:

  • security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159.


  • certificate - fixed "add-scep" template existence check when signing certificate;
  • defconf - fixed wAP LTE kit default configuration;
  • ethernet - improved large packet handling on ARM devices with wireless;
  • ethernet - removed obsolete slave flag from "/interface vlan" menu;
  • filesystem - fixed NAND memory going into read-only mode;
  • hotspot - fixed user authentication when queue from old session is not removed yet;
  • interface - fixed interface configuration responsiveness;
  • ipsec - fixed policies becoming invalid if added after a disabled policy;
  • ldp - properly load LDP configuration;
  • ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
  • sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
  • snmp - added remote CAP count OID for CAPsMAN;
  • supout - added "partitions" section to supout file;
  • tile - fixed Ethernet interfaces becoming unresponsive;
  • tr069-client - fixed unresponsive tr069 service when blackhole route is present;
  • userman - fixed compatibility with PayPal TLS 1.2;
  • userman - improved unique username generation process when adding batch of users;
  • winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
  • winbox - allow to specify full URL in SCEP certificate signing process;
  • winbox - by default specify keepalive timeout value for tunnel type interfaces;
  • winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
  • winbox - show "scep-url" for certificates;
  • winbox - show "sector-writes" on ARM devices that have such counters;
  • winbox - show "sector-writes" on devices that have such counters;
  • winbox - show "System/Health" only on boards that have health monitoring;
  • wireless - added option to disable PMKID for WPA2;
  • wireless - enable all chains by default on devices without external antennas after configuration reset;
  • wireless - fixed packet processing after removing wireless interface from CAP settings;
  • wireless - improved client "channel-width" detection;
  • wireless - improved Nv2 PtMP performance;
  • wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
  • wireless - updated "united-states" regulatory domain information.

MikroTik RouterOS 6.40.8

Дата выхода: 23 апреля 2018

Важные изменения:

  • winbox - fixed vulnerability that allowed to gain access to an unsecured router.


  • certificate - fixed incorrect SCEP URL after an upgrade;
  • health - fixed empty measurements on CRS328-24P-4S+RM;
  • ike2 - use "policy-template-group" parameter when picking proposal as initiator;
  • ipv6 - fixed IPv6 behaviour when bridge port leaves bridge;
  • routerboard - fixed "mode-button" support on hAP lite r2 devices;
  • ssh - fixed SSH service becoming unavailable;
  • traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
  • winbox - show "Switch" menu on cAP ac devices;
  • wireless - improved compatibility with BCM chipset devices.

MikroTik RouterOS 6.40.7

Дата выхода: 29 марта 2018

Важные изменения:

  • smb - fixed buffer overflow vulnerability, everyone using this feature is urged to upgrade.


  • console - do not allow variables that start with digit to be referenced without "$" sign;
  • led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
  • netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
  • romon - make "secret" field sensitive in console;
  • tr069-client - fixed TR069 service becoming unavailable when related service package is not installed;
  • winbox - fixed "/tool e-mail send" attachment behavior;
  • winbox - fixed maximal ID for Traffic Generator stream;
  • winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
  • winbox - removed "Enable" and "Disable" buttons from IPsec "mode-config" list;
  • winbox - show "D" flag under "/ip dhcp-client" menu;
  • winbox - use proper graph name for HDD graphs;
  • wireless - enable all chains by default on devices without external antennas after configuration reset.

MikroTik RouterOS 6.40.6

Дата выхода: 20 февраля 2018


  • btest - fixed TCP test accuracy when low TX/RX rates are used;
  • certificate - do not use UTF-8 for SCEP challenge password;
  • certificate - fixed PKCS#10 version;
  • chr - generate new system ID on first boot;
  • crs317 - fixed reliability on FAN controller;
  • defconf - fixed DISC Lite5 LED default configuration;
  • dhcpv4-server - fixed framed and classless route received from RADIUS server;
  • disk - fixed disk detach process;
  • dude - fixed e-mail notifications when default port is not used;
  • export - fixed "/system routerboard mode-button" compact export;
  • filesystem - implemented additional system integrity checks on reboots;
  • firewall - limited maximum "address-list-timeout" value to “35w3d13h13m56s”;
  • hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
  • hotspot - fixed Walled Garden IP functionality when address-list is used;
  • ike1 - fixed crash on XAUTH if user does not exist;
  • ike1 - fixed memory corruption when IPv6 is used;
  • ike1 - improved stability on phase1 rekeying;
  • ike2 - added support for multiple split networks;
  • ike2 - delay rekeyed peer outbound SA installation;
  • ike2 - improve half-open connection handling;
  • ike2 - kill connection when peer changes address;
  • ike2 - use peer configuration address when available on empty TSi;
  • ipsec - fixed incorrect esp proposal key size usage;
  • ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
  • l2tp - improved reliability on packet processing in FastPath;
  • netinstall - improved LTE package description;
  • netinstall - properly generate skins folder when branding package is installed;
  • ovpn - fixed resource leak on systems with high CPU usage;
  • ovpn-server - do not periodically change automatically generated server MAC address;
  • ppp - do not disconnect active PPP connection after "idle-timeout";
  • ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
  • ppp - fixed "change-mss" functionality when MSS is not set on forwarded packets;
  • ppp - fixed L2TP and PPTP encryption negotiation process on configuration changes;
  • pppoe-client - properly re-establish MLPPP session when one of the lines stopped transmitting packets;
  • quickset - do not automatically change mode to CPE;
  • quickset - renamed router IP static DNS name to "router.lan";
  • route - fixed DHCP/PPP “add-default-route” “distance” minimal value to 1;
  • route - improved reliability on routing table update;
  • routerboard - properly report warnings under "/system routerboard" menu;
  • scheduler - properly display long scheduler configuration;
  • sfp - improved SFP module compatibility;
  • sms - fixed minor problem for SMS delivery;
  • snmp - added IPv6 addresses support on default "public" community;
  • snmp - fixed bulk requests when non-repeaters are used;
  • snmp - fixed consecutive OID bulk get from the same table;
  • traceroute - fixed "/tool traceroute" results print;
  • traffic-flow - do not count single extra packet per each flow;
  • webfig - added support for proper default policies when adding script or scheduler job;
  • webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
  • webfig - fixed bridge port sorting order by name;
  • webfig - fixed MAC address ordering;
  • webfig - fixed router getting reset to default configuration;
  • webfig - fixed column ordering;
  • winbox - allow to specify "to-ports" for "action=masquerade";
  • wireless - fixed wireless protocol mode restrictions if lockpack is installed and has limits for it;
  • wireless - removed unused monitor command from CLI;
  • wireless - updated "Australia", "Czech Republic", "UK 5.8 Fixed" and "United Kingdom" regulatory domain information.
Чек-лист по настройке MikroTik
Проверьте свою конфигурацию по 28-ми пунктам