MikroTik RouterOS 6.41.x (Stable)

Материал из MikroTik Wiki
Перейти к навигации Перейти к поиску

Подробное описание изменений в MikroTik RouterOS 6.41.x (Stable). Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 22 декабря 2017, дата выхода последнего набора изменений – 5 апреля 2018.

Чек-лист по настройке MikroTik
Проверьте свою конфигурацию по 28-ми пунктам

MikroTik RouterOS 6.41

Дата выхода: 22 декабря 2017

Важные примечания:

  • RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
  • This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
  • Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
  • The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
  • Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.


Важные изменения:


Изменения:

  • arm - minor improvements on CPU load distribution for RB1100 series devices;
  • arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
  • bgp - added 32-bit private ASN support;
  • bridge - added comment support for VLANs;
  • bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
  • bridge - added support for "/interface list" as a bridge port;
  • bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
  • bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
  • bridge - changed "Host" and "MDB" table column order;
  • bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
  • bridge - fixed "fast-forward" counters;
  • bridge - fixed ARP setting (introduced in v6.40rc36);
  • bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
  • bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
  • bridge - fixed multicast forwarding (introduced in v6.40rc36);
  • bridge - implemented dynamic entries for active MST port overrides;
  • bridge - implemented software based "igmp-snooping";
  • bridge - implemented software based MSTP;
  • bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
  • bridge - set "igmp-snooping=no" by default on new bridges;
  • bridge - show "admin-mac" only if "auto-mac=no";
  • bridge - show bridge interface local addresses in the host table;
  • btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
  • capsman - added "vlan-mode=no-tag" option;
  • capsman - added possibility to downgrade CAP with Upgrade command from CAPsMAN;
  • capsman - return complete CA chain when issuing new certificate;
  • capsman - use "adaptive-noise-immunity" value from CAP local configuration;
  • certificate - added option to store CRL in RAM (CLI only);
  • certificate - fixed SCEP "get" request URL encoding;
  • certificate - improved CRL update after system startup;
  • certificate - show "Expired" flag when initial CRL fetch fails;
  • certificate - show invalid flag when local CRL file does not exist;
  • chr - added KVM memory balloon support;
  • chr - added suspend support;
  • console - do not stop "/certificate sign" process if console times out in 1 minute;
  • console - removed "/setup";
  • crs317 - added initial support for HW offloaded MPLS forwarding;
  • crs317 - fixed reliability on FAN controller;
  • crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
  • crs326 - improved transmit performance from SFP+ to Ethernet ports;
  • crs3xx - added ingress/egress rate input limits;
  • crs3xx - hide unused switch "vlan-mode", "vlan-header-mode" and "default-vlan-id" options;
  • crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
  • dhcp - fixed DHCP services failing after reboot when DHCP option was used;
  • dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
  • dhcp - require DHCP option name to be unique;
  • dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
  • dhcp-server - added "option-set" argument (CLI only);
  • dhcp-server - added basic RADIUS accounting;
  • dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
  • dhcpv4-client - allow to use DUID for client as identity string as the option 61;
  • dhcpv4-server - added "NETWORK_GATEWAY" option variable;
  • dhcpv4-server - strip trailing "\0" in "hostname" if present;
  • discovery - use "/interface list" instead of interface name under neighbor discovery settings;
  • e-mail - do not show errors when sending e-mail from script;
  • eoip - made L2MTU parameter read-only;
  • ethernet - removed "master-port" parameter;
  • export - fixed interface list export;
  • fetch - accept all HTTP 2xx status codes;
  • filesystem - implemented additional system integrity checks on reboots;
  • firewall - added "tls-host" firewall matcher;
  • health - fixed bogus voltage readings on CCR1009;
  • hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
  • hotspot - fixed Walled Garden IP functionality when address-list is used;
  • ike1 - DPD retry interval set to 5 seconds;
  • ike1 - disallow peer creation using base mode;
  • ike1 - fixed crash on xauth if user does not exist;
  • ike1 - fixed memory corruption when IPv6 is used;
  • ike1 - improved stability on phase1 rekeying;
  • ike1 - release mismatched PH2 peer IDs;
  • ike1 - use /32 netmask if none provided by mode config;
  • ike2 - added support for multiple split networks;
  • ike2 - check identities on "initial-contact";
  • ike2 - do not allow to configure nat-traversal;
  • ike2 - fixed PH1 lifetime reset on boot;
  • ike2 - fixed initiator DDoS cookie processing;
  • ike2 - fixed responder DDoS cookie first notify type check;
  • ike2 - kill connection when peer changes address;
  • ike2 - use peer configuration address when available on empty TSi;
  • interface - added "/interface reset-counters" command (CLI only);
  • interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
  • interface - added option to join and exclude "/interface list" from one and another;
  • interface - fixed corrupted "/interface list" configuration after upgrade;
  • ippool6 - try to assign desired prefix for client if prefix is not being already used;
  • ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
  • ipsec - allow to specify "remote-peer" address as DNS name;
  • ipsec - fixed incorrect esp proposal key size usage;
  • ipsec - fixed policy enable/disable;
  • ipsec - improved hardware accelerated IPSec performance on 750Gr3;
  • ipsec - improved reliability on certificate usage;
  • ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
  • ipsec - skip invalid policies for phase2;
  • ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
  • l2tp - improved reliability on packet processing in FastPath;
  • l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
  • lcd - fixed "flip-screen=yes" state after reboot;
  • log - added "bridge" topic;
  • log - fixed interface name in log messages;
  • log - optimized "poe-out" logging topic logs;
  • lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
  • lte - added Passthrough support;
  • lte - added Yota non-configurable modem support;
  • lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
  • lte - automatically add "/ip dhcp-client" configuration on interface;
  • lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
  • lte - fixed Passthrough support;
  • lte - fixed authentication for non LTE modes;
  • lte - fixed error when trying to add APN profile without name;
  • lte - fixed rare crash when initializing LTE modem after reset;
  • lte - fixed user authentication for R11e-LTE when new firmware is used;
  • lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
  • lte - limited minimal default route distance to 1;
  • lte - update info command with "location area code" and "physical cell id" values;
  • m11g - improved ethernet performance on high load;
  • mac-server - use "/interface list" instead of interface name under MAC server settings;
  • modem - added initial support for Alcatel IK40 and Olicard 500;
  • neighbor - show neighbors on actual bridge port instead of bridge itself
  • netinstall - fixed missing "/flash/etc" on first bootup;
  • netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
  • ospf - fixed OSPF v2 and v3 neighbor election;
  • ovpn-server - do not periodically change automatically generated server MAC address;
  • poe - added new "poe-out" status "controller-error";
  • poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
  • poe - log PoE status related messages under debug topic;
  • ppp - added initial support for PLE902;
  • ppp - added support for Sierra MC7750, Verizon USB730L;
  • ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
  • ppp - fixed "change-mss" functionality when MSS option is missing on forwrded packets;
  • ppp - fixed L2TP and PPTP encryption negotiation process on configuration changes;
  • ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
  • pppoe-client - properly re-establish MLPPP session when one of the lines stopped transmitting packets;
  • pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
  • quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
  • quickset - fixed LTE quickset mode APN field;
  • quickset - fixed situation when Quickset automatically changes mode to CPE;
  • quickset - renamed router IP static DNS name to "router.lan";
  • radius - limited RADIUS timeout maximum value to 3 seconds;
  • route - fixed potential route crash on routing table update;
  • scheduler - properly display long scheduler configuration;
  • sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
  • sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
  • sms - fixed minor problem for SMS delivery;
  • sms - log decoded USSD responses;
  • snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
  • snmp - fixed bridge host requests on devices with multiple bridge interfaces;
  • snmp - fixed bulk requests when non-repeaters are used;
  • snmp - fixed consecutive OID bulk get from the same table;
  • snmp - show only available OIDs under "/system health print oid";
  • ssh - do not use DH group1 with strong-crypto enabled;
  • ssh - enforced 2048bit DH group on tile and x86 architectures;
  • system - show USB topology for the device info;
  • tile - improved hardware encryption processes;
  • tr069-client - fixed "/interface lte apn" configuration parameters;
  • traceroute - improved "/tool traceroute" results processing;
  • upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
  • upnp - deny UPnP request if port is already used by the router;
  • ups - fixed duplicate "failed" UPS logs;
  • userman - allow to generate more than 999 users;
  • w60g - added "put-stations-in-bridge" and "isolate-stations" options to manage connected clients;
  • w60g - connected stations are treated as separate interfaces;
  • webfig - added favicon file;
  • webfig - fixed router getting reset to default configuration;
  • webfig - fixed terminal graphic user interface under Safari browser;
  • winbox - added "W60G station" tab in Wireless menu;
  • winbox - added "notrack-chain" setting to IPSec peers;
  • winbox - added support for "_" symbol in terminal window;
  • winbox - added switch menu on RB1100AHx4;
  • winbox - do not show MetaROUTER stuff on RB1100AHx4;
  • winbox - do not show duplicate "Switch" menus for CRS326;
  • winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
  • winbox - do not show duplicate filter parameters "Published" in ARP list;
  • winbox - do not show unnecessary tabs from "Switch" menu;
  • winbox - fixed "/certificate sign" process;
  • winbox - fixed bridge port sorting order by interface name;
  • winbox - show warnings under "/system routerboard settings" menu;
  • wireless - added "allow-signal-out-off-range" option for Access List entries;
  • wireless - added "indonesia3" regulatory domain information;
  • wireless - added passive scan option for wireless scan mode;
  • wireless - added support for CHARGEABLE_USER_ID in EAP Accounting;
  • wireless - check APs against connect-list rules starting with strongest signal;
  • wireless - do not show background scan frequencies in the monitor command channel field;
  • wireless - improved reliability on "rx-rate" selection process;
  • wireless - increased the EAP message retransmit count;
  • wireless - log "signal-strength" when successfully connected to AP;
  • wireless - pass interface MAC address in Sniffer TZSP frames;
  • wireless - updated "UK 5.8 Fixed" and "Australia" country data;
  • wireless - updated "united kingdom" regulatory domain information.

MikroTik RouterOS 6.41.1

Дата выхода: 30 января 2018

Изменения:

  • bridge - fixed "mst-override" export;
  • bridge - fixed allowed MSTI priority values;
  • bridge - fixed ARP option changing on bridge (introduced v6.41);
  • bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
  • bridge - fixed hw-offload disabling when adding a port with "horizon" set;
  • bridge - fixed IGMP Snooping after disabling/enabling bridge;
  • bridge - fixed interface list moving in "/interface bridge port" menu;
  • bridge - fixed repetitive port "priority" set;
  • bridge - fixed situation when packet could be sent with local MAC as dst-mac;
  • bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
  • bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
  • btest - fixed TCP test accuracy when low TX/RX rates are used;
  • certificate - do not use utf8 for SCEP challenge password;
  • certificate - fixed PKCS#10 version;
  • crs317 - improved transmit performance between 10G and 1G ports;
  • crs326 - fixed possible packet leaking from CPU to switch ports;
  • crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
  • detnet - additional work on "detect-internet" implementation;
  • dhcpv4-server - fixed framed and classless route received from RADIUS server;
  • discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
  • dude - fixed e-mail notifications when default port is not used;
  • firewall - fixed "tls-host" firewall feature (introduced v6.41);
  • firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
  • ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
  • ike2 - delay rekeyed peer outbound SA installation;
  • ike2 - improve half-open connection handling;
  • ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
  • log - properly report bridge interface MAC address changes;
  • netinstall - improved LTE package description;
  • netinstall - properly generate skins folder when branding package is installed;
  • ovpn - fixed resource leak on systems with high CPU usage;
  • ppp - changed default value of "route-distance" to 1;
  • ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
  • radius - added warning if PPP authentication over RADIUS is enabled;
  • radius - increase allowed RADIUS server timeout to 60s;
  • rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
  • rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
  • routerboot - fixed missing upgrade firmware for "ar7240" devices;
  • sfp - improved SFP module compatibility;
  • snmp - allow also IPv6 on default public community;
  • tile - fixed USB device speed detection after reboot;
  • traffic-flow - do not count single extra packet per each flow;
  • webfig - added support for proper default policies when adding script or scheduler job;
  • webfig - fixed bridge port sorting order by name;
  • webfig - fixed MAC address ordering;
  • webfig - fixed wireless snooper address, SSID and other column ordering;
  • winbox - added "dhcp-option-set" to DHCP server;
  • winbox - allow to specify "to-ports" for "action=masquerade";
  • winbox - do not show "hw" option on non-Ethernet interfaces;
  • winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
  • wireless - updated "Czech Republic" country 5.8 GHz frequency range.

MikroTik RouterOS 6.41.2

Дата выхода: 6 февраля 2018

Изменения:

  • bridge - fixed ARP settings on bridge interfaces (introduced v6.41);
  • discovery - fixed discovery interface list change;
  • disk - fixed disk related processes becoming unresponsive after unplugging used disk;
  • filesystem - fixed situations when "/flash" directory lost files after upgrade;
  • ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
  • routerboard - properly report warnings under "/system routerboard" menu;
  • snmp - added w60g support;
  • w60g - fixed "/interface w60g reset-configuration";
  • webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
  • winbox - changed default bridge port PVID value to 1;
  • wireless - fixed wireless protocol mode restrictions if lockpack is installed and has limits for it.

MikroTik RouterOS 6.41.3

Дата выхода: 8 марта 2018

Важные изменения:

  • smb - fixed buffer overflow vulnerability, everyone using this feature is urged to upgrade;
  • tile - improved overall system performance and stability ("/system routerboard upgrade" required);


Изменения:

  • chr - automatically generate new system ID on first startup;
  • console - do not allow variables that start with digit to be referenced without "$" sign;
  • defconf - fixed DISC Lite5 LED default configuration;
  • export - fixed "/system routerboard mode-button" compact export;
  • filesystem - improved error correction process on RB1100AHx4 storage;
  • firewall - fixed "tls-host" firewall feature (introduced in v6.41);
  • gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
  • lte - fixed r11-LTE-US interface initialization process after reboot;
  • romon - make "secret" field sensitive in console;
  • smb - improved NetBIOS name handling and stability;
  • snmp - fixed w60g SSID value;
  • tile - fixed bogus voltage readings;
  • tr069-client - fixed TR069 service becoming unavailable when related service package is not available;
  • usb - improved packet processing over USB modems;
  • winbox - fixed "/tool e-mail send" attachment behavior;
  • winbox - fixed maximal ID for Traffic Generator stream;
  • winbox - removed "Enable" and "Disable" buttons from IPsec "mode-config" list;
  • winbox - show "D" flag under "/ip dhcp-client" menu;
  • wireless - removed unused "/interface wireless registration-table monitor" command.

MikroTik RouterOS 6.41.4

Дата выхода: 5 апреля 2018

Важные изменения:

  • tile - improved overall system performance and stability ("/system routerboard upgrade" required);


Изменения:

  • led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
  • led - removed unused "link-act-led" trigger for devices which does not use it;
  • netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
  • poe - do not show "poe-out-current" on devices which can not determine it;
  • poe - hide PoE related properties on interfaces which does not provide power output;
  • winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
  • winbox - show dual SIM options only for RouterBOARDs which does have two SIM slots;
  • winbox - use proper graph name for HDD graphs;
  • wireless - enable all chains by default on devices without external antennas after configuration reset.
Чек-лист по настройке MikroTik
Проверьте свою конфигурацию по 28-ми пунктам